Skip to content

Comments

Daily fixes#1832

Open
dgageot wants to merge 2 commits intodocker:mainfrom
dgageot:fixes
Open

Daily fixes#1832
dgageot wants to merge 2 commits intodocker:mainfrom
dgageot:fixes

Conversation

@dgageot
Copy link
Member

@dgageot dgageot commented Feb 24, 2026

No description provided.

@dgageot
Fix path traversal vulnerability in ACP filesystem operations
1dcf3f7 
Add path validation to handleReadFile, handleWriteFile, and handleEditFile
in the ACP filesystem toolset. User-supplied paths are now resolved and
validated to ensure they do not escape the configured working directory.

Previously, paths like '../../etc/passwd' could be used to access files
outside the working directory. The new resolvePath method converts paths
to absolute form and checks they remain within the working directory
boundary.

Fixes docker#1823

Assisted-By: cagent
@dgageot
Log errors when persisting session title in TUI
4ba235d 
The persistSessionTitle function silently discarded errors from
UpdateSessionTitle (other than ErrTitleGenerating). Add slog.Warn
so failures are visible in debug logs.

Fixes docker#1821

Assisted-By: cagent
@dgageot dgageot requested a review from a team as a code owner February 24, 2026 08:56
docker-agent[bot]
docker-agent bot reviewed Feb 24, 2026
View reviewed changes
Copy link

@docker-agent docker-agent bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Summary

This PR adds security improvements for path traversal protection in the filesystem toolset and improves error logging. However, there is one issue that should be addressed: the path validation logic doesn't account for case-insensitive filesystems (Windows and macOS), which could potentially allow path traversal attacks on those platforms.

pkg/acp/filesystem.go
return "", fmt.Errorf("failed to resolve path: %w", err)
}
// Ensure the resolved path is within the working directory
if !strings.HasPrefix(absResolved, absWorkingDir+string(filepath.Separator)) && absResolved != absWorkingDir {
Copy link

@docker-agent docker-agent bot Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Path validation doesn't account for case-insensitive filesystems

The path traversal check uses strings.HasPrefix, which performs a case-sensitive comparison. On Windows and macOS (case-insensitive filesystems), this could be problematic. For example, if absWorkingDir is C:\Users\App and an attacker provides a path that resolves to C:\users\app\..\..\sensitive, the case difference could cause the validation to fail incorrectly or behave unexpectedly.

Consider using case-insensitive path comparisons on Windows and macOS, or use filepath.EvalSymlinks followed by case-normalized comparison to ensure proper validation on case-insensitive filesystems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@docker-agent docker-agent[bot] docker-agent[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dgageot