From dd6803df10894a74f95066977e0dd8bd76779f8f Mon Sep 17 00:00:00 2001
From: Snider
Date: Wed, 18 Mar 2026 01:16:30 +0000
Subject: [PATCH] fix(security): fix latent sandbox escape in IO.path()

filepath.Clean("/"+p) returns absolute path, filepath.Join(root, "/abs") drops root on Linux. Strip leading "/" before joining with sandbox root. Currently not exploitable (validatePath handles it), but any future caller of path() with active sandbox would escape. Defensive fix. Found by Gemini Pro security review.

Co-Authored-By: Virgil
---
 pkg/core/io.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/core/io.go b/pkg/core/io.go
index dac67df..bc7b84b 100644
--- a/pkg/core/io.go
+++ b/pkg/core/io.go
@@ -60,8 +60,8 @@ func (m *IO) path(p string) string {
 return clean
 }
 
- // Join cleaned relative path with root
- return filepath.Join(m.root, clean)
+ // Strip leading "/" so Join works correctly with root
+ return filepath.Join(m.root, clean[1:])
 }
 
 // validatePath ensures the path is within the sandbox, following symlinks if they exist.
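Review bot: The `clean[1:]` on the new return line does not change the result, because Go's `filepath.Join` never discards earlier elements when a later one is absolute (that is the behaviour of Python's `os.path.join`); `filepath.Join(m.root, "/abs")` already yields a path under `m.root`, so the rationale in the commit message and the new comment should be corrected before anyone treats this slice as the sandbox boundary. The slice also introduces an unstated precondition that `clean` is non-empty and begins with a one-byte separator; the assignment of `clean` lies outside this hunk (the message says it is `filepath.Clean("/"+p)`), so either record that next to the slice, e.g. `// clean always starts with the separator: it comes from filepath.Clean("/"+p)`, or use `strings.TrimPrefix(clean, string(filepath.Separator))` if `strings` is imported. A table test asserting that the result of `path()` stays under the root for inputs such as `../x` and `/abs` would protect future callers better than the slice does. The join is purely lexical, so containment against symlinks still rests on `validatePath`, which the trailing context comment describes.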