Description
The path traversal check in listDirectory() can be bypassed using sibling directory names that share a prefix with the project path.
Root Cause
In sdk/src/tools/list-directory.ts (line 16):
const resolvedPath = path.resolve(projectPath, directoryPath)
if (!resolvedPath.startsWith(projectPath)) { ... }
If projectPath is /home/user/project and directoryPath is ../project-evil, the resolved path /home/user/project-evil passes the startsWith('/home/user/project') check because it's a string prefix match.
The same codebase gets this right in code-search.ts (lines 52-53):
if (
!searchCwd.startsWith(projectRoot + path.sep) &&
searchCwd !== projectRoot
) { ... }
Impact
A sandboxed agent or user-controlled directoryPath parameter can list directories outside the declared project root, as long as the sibling directory name starts with the project directory name.
Suggested Fix
if (
!resolvedPath.startsWith(projectPath + path.sep) &&
resolvedPath !== projectPath
) {
return [{ type: 'json', value: { errorMessage: `Invalid path...` } }]
}
This matches the pattern already used in code-search.ts.
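The two checks side by side, as an added example that is not code from the repository or from the issue author: it runs the prefix-only comparison and the separator-aware comparison over constructed sample paths. It goes one step beyond the suggested fix by normalising the root first, so a projectPath with a trailing slash (or the filesystem root) does not produce a doubled separator; the function names and sample paths are assumptions made for illustration.

```javascript
// Added example; function names and sample paths are constructed for illustration.
// POSIX flavour of path so the sample paths behave the same on any OS.
const path = require('node:path').posix

// The check as quoted from list-directory.ts: a plain string-prefix comparison.
function isInsidePrefixOnly(projectPath, directoryPath) {
  const resolvedPath = path.resolve(projectPath, directoryPath)
  return resolvedPath.startsWith(projectPath)
}

// The suggested fix, with the root normalised first so that
// "/home/user/project/" or "/" does not become a "//" boundary.
function isInsideWithSeparator(projectPath, directoryPath) {
  const root = path.resolve(projectPath)
  const boundary = root.endsWith(path.sep) ? root : root + path.sep
  const resolvedPath = path.resolve(root, directoryPath)
  return resolvedPath === root || resolvedPath.startsWith(boundary)
}

const PROJECT = '/home/user/project' // constructed sample root
const CASES = [
  '.',                       // the root itself
  'src/tools',               // ordinary child
  '../project-evil',         // sibling sharing the prefix (the reported case)
  '../project-evil/secrets', // child of that sibling
  '../other',                // sibling without the prefix
  'src/../../project2',      // traversal hidden behind a valid-looking start
]

// Returns one row per sample path with the verdict of each check.
function compare(projectPath = PROJECT) {
  return CASES.map((directoryPath) => ({
    directoryPath,
    resolved: path.resolve(projectPath, directoryPath),
    prefixOnly: isInsidePrefixOnly(projectPath, directoryPath),
    withSeparator: isInsideWithSeparator(projectPath, directoryPath),
  }))
}

console.table(compare())
```

Rows where the two verdict columns differ are the paths the prefix-only check lets through. path.resolve is purely lexical, so neither check accounts for symlinks inside the project that point elsewhere.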