github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 21:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(browser): harden writable output paths

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-01 23:25:13 +00:00
parent 51bccaf988
commit 6a80e9db05
7 changed files with 219 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/browser/paths.ts
View File

@@ -54,6 +54,9 @@ async function validateCanonicalPathWithinRoot(params: {
if (params.expect === "file" && !candidateLstat.isFile()) {
return "invalid";
}
if (params.expect === "file" && candidateLstat.nlink > 1) {
return "invalid";
}
const candidateRealPath = await fs.realpath(params.candidatePath);
return isPathInside(params.rootRealPath, candidateRealPath) ? "ok" : "invalid";
} catch (err) {