Fix critical skills path-remap root escape (including symlink traversal) (#367)

* Block skills path-remap escapes outside project root

* Harden path remap against symlink-based root escape

* test: isolate update tests from real git index
Lawyered
2026-02-22 17:10:45 -05:00
committed by GitHub
parent 264f855566
commit 856f98023c
4 changed files with 274 additions and 7 deletions


@@ -1,6 +1,9 @@
import fs from 'fs';
import path from 'path';
import { afterEach, beforeEach, describe, expect, it } from 'vitest';
import { loadPathRemap, recordPathRemap, resolvePathRemap } from '../path-remap.js';
import { readState, writeState } from '../state.js';
import {
cleanup,
createMinimalState,
@@ -38,6 +41,43 @@ describe('path-remap', () => {
it('returns original path when remap is empty', () => {
expect(resolvePathRemap('src/file.ts', {})).toBe('src/file.ts');
});
it('ignores remap entries that escape project root', () => {
const remap = { 'src/file.ts': '../../outside.txt' };
expect(resolvePathRemap('src/file.ts', remap)).toBe('src/file.ts');
});
it('ignores remap target that resolves through symlink outside project root', () => {
const outsideDir = fs.mkdtempSync(
path.join(path.dirname(tmpDir), 'nanoclaw-remap-outside-'),
);
const linkPath = path.join(tmpDir, 'link-out');
try {
fs.symlinkSync(outsideDir, linkPath);
} catch (err) {
const code = (err as NodeJS.ErrnoException).code;
if (code === 'EPERM' || code === 'EACCES' || code === 'ENOSYS') {
fs.rmSync(outsideDir, { recursive: true, force: true });
return;
}
fs.rmSync(outsideDir, { recursive: true, force: true });
throw err;
}
try {
const remap = { 'src/file.ts': 'link-out/pwned.txt' };
expect(resolvePathRemap('src/file.ts', remap)).toBe('src/file.ts');
} finally {
fs.rmSync(outsideDir, { recursive: true, force: true });
}
});
it('throws when requested path itself escapes project root', () => {
expect(() => resolvePathRemap('../../outside.txt', {})).toThrow(
/escapes project root/i,
);
});
});
describe('loadPathRemap', () => {
@@ -51,6 +91,51 @@ describe('path-remap', () => {
const remap = loadPathRemap();
expect(remap).toEqual({ 'src/a.ts': 'src/b.ts' });
});
it('drops unsafe remap entries stored in state', () => {
const state = readState();
state.path_remap = {
'src/a.ts': 'src/b.ts',
'src/evil.ts': '../../outside.txt',
};
writeState(state);
const remap = loadPathRemap();
expect(remap).toEqual({ 'src/a.ts': 'src/b.ts' });
});
it('drops symlink-based escape entries stored in state', () => {
const outsideDir = fs.mkdtempSync(
path.join(path.dirname(tmpDir), 'nanoclaw-remap-outside-'),
);
const linkPath = path.join(tmpDir, 'link-out');
try {
fs.symlinkSync(outsideDir, linkPath);
} catch (err) {
const code = (err as NodeJS.ErrnoException).code;
if (code === 'EPERM' || code === 'EACCES' || code === 'ENOSYS') {
fs.rmSync(outsideDir, { recursive: true, force: true });
return;
}
fs.rmSync(outsideDir, { recursive: true, force: true });
throw err;
}
try {
const state = readState();
state.path_remap = {
'src/a.ts': 'src/b.ts',
'src/evil.ts': 'link-out/pwned.txt',
};
writeState(state);
const remap = loadPathRemap();
expect(remap).toEqual({ 'src/a.ts': 'src/b.ts' });
} finally {
fs.rmSync(outsideDir, { recursive: true, force: true });
}
});
});
describe('recordPathRemap', () => {
@@ -73,5 +158,11 @@ describe('path-remap', () => {
recordPathRemap({ 'src/a.ts': 'src/c.ts' });
expect(loadPathRemap()).toEqual({ 'src/a.ts': 'src/c.ts' });
});
it('rejects unsafe remap entries', () => {
expect(() =>
recordPathRemap({ 'src/a.ts': '../../outside.txt' }),
).toThrow(/escapes project root/i);
});
});
});
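Review bot: The `recordPathRemap` block at the end of this file only exercises the `'../../outside.txt'` form, so the write path that persists entries into state has no test for the symlink case or for an absolute target, although `resolvePathRemap` and `loadPathRemap` each get a symlink test. I would add a case such as `expect(() => recordPathRemap({ 'src/a.ts': 'link-out/pwned.txt' })).toThrow(/escapes project root/i);` after creating the same `link-out` symlink, plus one with an absolute path outside `tmpDir`; the expected message is assumed from the neighbouring assertions, since the implementation is not shown in this section. Separately, both symlink tests `return` silently when `fs.symlinkSync` fails with `EPERM`, `EACCES` or `ENOSYS`, so on such hosts they are reported as passed without ever checking the guard; marking them as skipped instead would make that gap visible in CI. The symlink setup and teardown is duplicated verbatim in the two tests and could move into one shared helper.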