fix(security): harden archive extraction (#16203)

* fix(browser): confine upload paths for file chooser * fix(browser): sanitize suggested download filenames * chore(lint): avoid control regex in download sanitizer * test(browser): cover absolute escape paths * docs(browser): update upload example path * refactor(browser): centralize upload path confinement * fix(infra): harden tmp dir selection * fix(security): harden archive extraction * fix(infra): harden tar extraction filter
2026-05-08 16:48:26 +00:00 · 2026-02-14 14:42:08 +01:00
parent 9a134c8a10
commit 3aa94afcfd
19 changed files with 1179 additions and 100 deletions
--- a/src/browser/routes/agent.act.ts
+++ b/src/browser/routes/agent.act.ts
@@ -14,7 +14,12 @@ import {
  resolveProfileContext,
  SELECTOR_UNSUPPORTED_MESSAGE,
 } from "./agent.shared.js";
-import { DEFAULT_DOWNLOAD_DIR, resolvePathWithinRoot } from "./path-output.js";
+import {
+  DEFAULT_DOWNLOAD_DIR,
+  DEFAULT_UPLOAD_DIR,
+  resolvePathWithinRoot,
+  resolvePathsWithinRoot,
+} from "./path-output.js";
 import { jsonError, toBoolean, toNumber, toStringArray, toStringOrEmpty } from "./utils.js";

 export function registerBrowserAgentActRoutes(
@@ -355,6 +360,17 @@ export function registerBrowserAgentActRoutes(
      return jsonError(res, 400, "paths are required");
    }
    try {
+      const uploadPathsResult = resolvePathsWithinRoot({
+        rootDir: DEFAULT_UPLOAD_DIR,
+        requestedPaths: paths,
+        scopeLabel: `uploads directory (${DEFAULT_UPLOAD_DIR})`,
+      });
+      if (!uploadPathsResult.ok) {
+        res.status(400).json({ error: uploadPathsResult.error });
+        return;
+      }
+      const resolvedPaths = uploadPathsResult.paths;
+
      const tab = await profileCtx.ensureTabAvailable(targetId);
      const pw = await requirePwAi(res, "file chooser hook");
      if (!pw) {
@@ -369,13 +385,13 @@ export function registerBrowserAgentActRoutes(
          targetId: tab.targetId,
          inputRef,
          element,
-          paths,
+          paths: resolvedPaths,
        });
      } else {
        await pw.armFileUploadViaPlaywright({
          cdpUrl: profileCtx.profile.cdpUrl,
          targetId: tab.targetId,
-          paths,
+          paths: resolvedPaths,
          timeoutMs: timeoutMs ?? undefined,
        });
        if (ref) {