core-agent-ide/codex-cli
Avi Rosenberg ab4cb94227
fix: Normalize paths in resolvePathAgainstWorkdir to prevent path traversal vulnerability (#895)
This PR fixes a potential path traversal vulnerability by ensuring all
paths are properly normalized in the `resolvePathAgainstWorkdir`
function.

## Changes
- Added path normalization for both absolute and relative paths
- Ensures normalized paths are used in all subsequent operations
- Prevents potential path traversal attacks through non-normalized paths

This minimal change addresses the security concern without adding
unnecessary complexity, while maintaining compatibility with existing
code.
2025-05-12 13:44:00 -07:00

| Name | Last commit | Date |
| --- | --- | --- |
| bin | chore: introduce new --native flag to Node module release process (#844) | 2025-05-12 13:38:10 -07:00 |
| examples | fix: typos in prompts and comments (#195) | 2025-04-17 07:12:39 -07:00 |
| scripts | chore: introduce new --native flag to Node module release process (#844) | 2025-05-12 13:38:10 -07:00 |
| src | fix: Normalize paths in resolvePathAgainstWorkdir to prevent path traversal vulnerability (#895) | 2025-05-12 13:44:00 -07:00 |
| tests | fix: increase output limits for truncating collector (#575) | 2025-05-05 10:26:55 -07:00 |
| .dockerignore | (fix) update Docker container scripts (#47) | 2025-04-16 12:02:41 -07:00 |
| .editorconfig | Initial commit | 2025-04-16 12:56:08 -04:00 |
| .eslintrc.cjs | chore: introduce new --native flag to Node module release process (#844) | 2025-05-12 13:38:10 -07:00 |
| .gitignore | chore: make build process a single script to run (#757) | 2025-05-01 08:36:07 -07:00 |
| build.mjs | chore(build): cleanup dist before build (#477) | 2025-04-21 12:35:25 -04:00 |
| Dockerfile | fix: only allow running without sandbox if explicitly marked in safe container (#699) | 2025-04-28 07:48:38 -07:00 |
| HUSKY.md | Feat/add husky (#223) | 2025-04-17 07:18:43 -07:00 |
| ignore-react-devtools-plugin.js | Initial commit | 2025-04-16 12:56:08 -04:00 |
| package.json | chore: introduce new --native flag to Node module release process (#844) | 2025-05-12 13:38:10 -07:00 |
| require-shim.js | Initial commit | 2025-04-16 12:56:08 -04:00 |
| tsconfig.json | fix: /bug report command, thinking indicator (#381) | 2025-04-18 18:13:34 -07:00 |
| vite.config.ts | fix: add empty vite config file to prevent resolving to parent (#273) | 2025-04-17 17:03:15 -07:00 |