fix(security): harden archive extraction (#16203)

* fix(browser): confine upload paths for file chooser * fix(browser): sanitize suggested download filenames * chore(lint): avoid control regex in download sanitizer * test(browser): cover absolute escape paths * docs(browser): update upload example path * refactor(browser): centralize upload path confinement * fix(infra): harden tmp dir selection * fix(security): harden archive extraction * fix(infra): harden tar extraction filter
2026-05-08 16:18:26 +00:00 · 2026-02-14 14:42:08 +01:00
parent 9a134c8a10
commit 3aa94afcfd
19 changed files with 1179 additions and 100 deletions
--- a/src/agents/tools/browser-tool.ts
+++ b/src/agents/tools/browser-tool.ts
@@ -21,6 +21,7 @@ import {
 } from "../../browser/client.js";
 import { resolveBrowserConfig } from "../../browser/config.js";
 import { DEFAULT_AI_SNAPSHOT_MAX_CHARS } from "../../browser/constants.js";
+import { DEFAULT_UPLOAD_DIR, resolvePathsWithinRoot } from "../../browser/paths.js";
 import { loadConfig } from "../../config/config.js";
 import { saveMediaBuffer } from "../../media/store.js";
 import { wrapExternalContent } from "../../security/external-content.js";
@@ -724,6 +725,15 @@ export function createBrowserTool(opts?: {
          if (paths.length === 0) {
            throw new Error("paths required");
          }
+          const uploadPathsResult = resolvePathsWithinRoot({
+            rootDir: DEFAULT_UPLOAD_DIR,
+            requestedPaths: paths,
+            scopeLabel: `uploads directory (${DEFAULT_UPLOAD_DIR})`,
+          });
+          if (!uploadPathsResult.ok) {
+            throw new Error(uploadPathsResult.error);
+          }
+          const normalizedPaths = uploadPathsResult.paths;
          const ref = readStringParam(params, "ref");
          const inputRef = readStringParam(params, "inputRef");
          const element = readStringParam(params, "element");
@@ -738,7 +748,7 @@ export function createBrowserTool(opts?: {
              path: "/hooks/file-chooser",
              profile,
              body: {
-                paths,
+                paths: normalizedPaths,
                ref,
                inputRef,
                element,
@@ -750,7 +760,7 @@ export function createBrowserTool(opts?: {
          }
          return jsonResult(
            await browserArmFileChooser(baseUrl, {
-              paths,
+              paths: normalizedPaths,
              ref,
              inputRef,
              element,