## Vulnerability

The `IsPathSafe` function in `src/utils/agent.ts` only checks whether `targetPath` starts with `safeRange`. A plain string-prefix test is insufficient against path traversal using relative segments (e.g., `safeRange = '/tmp/project'`, `targetPath = '/tmp/project/../secret'`): the prefix matches, but the path resolves outside the directory.

## Impact

An attacker could potentially read files outside the intended directory if this function is used for access control.

## Recommendation

Use `path.resolve()` to normalize both paths before comparison, and require either an exact match or a separator-terminated prefix (so that a sibling such as `/tmp/project2` is not accepted as a child of `/tmp/project`):

```ts
import * as path from 'path';

export const IsPathSafe = (props: {
  safeRange: string;
  targetPath: string;
}) => {
  const { safeRange, targetPath } = props;
  // Normalize both sides so that "." and ".." segments are collapsed
  // before the prefix comparison.
  const resolvedSafe = path.resolve(safeRange);
  const resolvedTarget = path.resolve(targetPath);
  // Exact match, or the target sits strictly below the allowed root.
  return resolvedTarget.startsWith(resolvedSafe + path.sep) || resolvedTarget === resolvedSafe;
};
```

## References

- OWASP Path Traversal
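To make the difference concrete, here is an added example (not code from the issue or the project) that runs a naive prefix check and the resolve-based check over a few constructed paths, including the `../secret` case from the report and a sibling directory that shares the prefix. The function names `isPathSafeNaive`, `isPathSafe`, `evaluate` and `countWrong` are hypothetical.

```typescript
import * as path from 'path';

// Naive check as described in the issue: a bare string-prefix test.
// Hypothetical name; it mirrors the reported behaviour, not the project's source.
export const isPathSafeNaive = (safeRange: string, targetPath: string): boolean =>
  targetPath.startsWith(safeRange);

// Hardened check: resolve both sides so "." and ".." are collapsed, then
// require the target to be the root itself or to sit below it. Appending
// path.sep stops "/tmp/project2" from being accepted as a child of "/tmp/project".
// Note: path.resolve does not follow symlinks; a symlink inside the root that
// points outside it would need fs.realpath on the target to be caught.
export const isPathSafe = (safeRange: string, targetPath: string): boolean => {
  const resolvedSafe = path.resolve(safeRange);
  const resolvedTarget = path.resolve(targetPath);
  return resolvedTarget === resolvedSafe || resolvedTarget.startsWith(resolvedSafe + path.sep);
};

// Constructed test cases for root "/tmp/project" (not taken from the issue).
export const ROOT = '/tmp/project';
export const CASES: Array<{ target: string; expected: boolean }> = [
  { target: '/tmp/project/notes.txt', expected: true },             // ordinary child
  { target: '/tmp/project', expected: true },                       // the root itself
  { target: '/tmp/project/../secret', expected: false },            // traversal from the report
  { target: '/tmp/project/sub/../../etc/passwd', expected: false }, // deeper traversal
  { target: '/tmp/project2/file', expected: false },                // sibling sharing the prefix
];

type Checker = (root: string, target: string) => boolean;

// Run every case through a checker and report what it returned.
export const evaluate = (checker: Checker) =>
  CASES.map((c) => ({ target: c.target, expected: c.expected, got: checker(ROOT, c.target) }));

// Number of cases the checker gets wrong (accepts an escape or rejects a valid path).
export const countWrong = (checker: Checker): number =>
  evaluate(checker).filter((r) => r.got !== r.expected).length;

// Stand-alone run: prints each verdict for both checkers.
for (const [name, checker] of [['naive', isPathSafeNaive], ['resolved', isPathSafe]] as const) {
  for (const r of evaluate(checker)) {
    console.log(`${name.padEnd(8)} ${r.target.padEnd(40)} got=${r.got} expected=${r.expected}`);
  }
}
```

The naive check wrongly accepts the three escaping or sibling paths, while the resolve-based check returns the expected verdict for every case.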