[security] Path Traversal Vulnerability in File Operations #1823
Description
🔴 critical - security
File: pkg/acp/filesystem.go (line ~50, in handleReadFile)
Code
resp, err := t.agent.conn.ReadTextFile(ctx, acp.ReadTextFileRequest{
SessionId: acp.SessionId(sessionID),
Path: filepath.Join(t.workingDir, args.Path),
})Problem
The file path is constructed using filepath.Join with user-supplied input (args.Path) without proper sanitization. An attacker could supply a path like "../../secret.txt" to traverse out of the intended working directory and access unauthorized files.
Suggested Fix
Sanitize and validate the resulting path after joining. For example, use filepath.Clean and then verify that the final path is within the expected working directory. This prevents directory traversal attacks.
Found by nightly codebase scan