github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 13:44:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(sandbox): block @-prefixed workspace path bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-24 17:22:46 +00:00
parent f154926cc0
commit 9ef0fc2ff8
6 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/agents/sandbox/fs-paths.ts
View File

@@ -227,7 +227,13 @@ function isPathInsidePosix(root: string, target: string): boolean {
function isPathInsideHost(root: string, target: string): boolean {
const canonicalRoot = resolveSandboxHostPathViaExistingAncestor(path.resolve(root));
const canonicalTarget = resolveSandboxHostPathViaExistingAncestor(path.resolve(target));
const resolvedTarget = path.resolve(target);
// Preserve the final path segment so pre-existing symlink leaves are validated
// by the dedicated symlink guard later in the bridge flow.
const canonicalTargetParent = resolveSandboxHostPathViaExistingAncestor(
path.dirname(resolvedTarget),
);
const canonicalTarget = path.resolve(canonicalTargetParent, path.basename(resolvedTarget));
const rel = path.relative(canonicalRoot, canonicalTarget);
if (!rel) {
return true;