fix(security): block workspace hardlink alias escapes

2026-05-07 22:51:23 +00:00 · 2026-02-26 03:42:22 +01:00
parent 53fcfdf794
commit 04d91d0319
8 changed files with 176 additions and 21 deletions
--- a/src/infra/hardlink-guards.ts
+++ b/src/infra/hardlink-guards.ts
@@ -0,0 +1,38 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import { isNotFoundPathError } from "./path-guards.js";
+
+export async function assertNoHardlinkedFinalPath(params: {
+  filePath: string;
+  root: string;
+  boundaryLabel: string;
+  allowFinalHardlink?: boolean;
+}): Promise<void> {
+  if (params.allowFinalHardlink) {
+    return;
+  }
+  let stat: Awaited<ReturnType<typeof fs.stat>>;
+  try {
+    stat = await fs.stat(params.filePath);
+  } catch (err) {
+    if (isNotFoundPathError(err)) {
+      return;
+    }
+    throw err;
+  }
+  if (!stat.isFile()) {
+    return;
+  }
+  if (stat.nlink > 1) {
+    throw new Error(
+      `Hardlinked path is not allowed under ${params.boundaryLabel} (${shortPath(params.root)}): ${shortPath(params.filePath)}`,
+    );
+  }
+}
+
+function shortPath(value: string) {
+  if (value.startsWith(os.homedir())) {
+    return `~${value.slice(os.homedir().length)}`;
+  }
+  return value;
+}