You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and passes that path to SQLite readfile() without first calling agmsg_validate_team_name.
The centralized validator added by #147 for #140 covers the existing registry entry points that turn team names into paths. send.sh did not use a team config path at that time. The roster validation added in #409 (merged as e26e80e) introduced this new path resolution/read and omitted the corresponding validation.
Impact
A local caller who controls <team> and does not use --force can make the roster check resolve a config.json outside the intended teams/ directory.
This is a path-containment issue, but it does not directly disclose arbitrary file contents:
the constructed pathname always appends /config.json; filesystem symlinks can still redirect the file that is opened;
the initial [ -f "$TEAM_CONFIG" ] check can reveal whether the constructed path resolves to a regular file;
for config-shaped JSON, error output can expose keys under agents;
if the supplied from and to names match those keys, the message insert can proceed under the caller-supplied team string.
This path does not write to the external config file. --force currently skips the roster read, but it should bypass roster membership only, not team-name safety.
Suggested fix
Source the existing validator and validate TEAM unconditionally before any config-path resolution or database initialization:
Summary
In v1.1.8 and current
main(f583856),send.shresolves the roster config as:TEAM_CONFIG="$SCRIPT_DIR/../teams/$TEAM/config.json"and passes that path to SQLite
readfile()without first callingagmsg_validate_team_name.The centralized validator added by #147 for #140 covers the existing registry entry points that turn team names into paths.
send.shdid not use a team config path at that time. The roster validation added in #409 (merged ase26e80e) introduced this new path resolution/read and omitted the corresponding validation.Impact
A local caller who controls
<team>and does not use--forcecan make the roster check resolve aconfig.jsonoutside the intendedteams/directory.This is a path-containment issue, but it does not directly disclose arbitrary file contents:
/config.json; filesystem symlinks can still redirect the file that is opened;[ -f "$TEAM_CONFIG" ]check can reveal whether the constructed path resolves to a regular file;agents;fromandtonames match those keys, the message insert can proceed under the caller-supplied team string.This path does not write to the external config file.
--forcecurrently skips the roster read, but it should bypass roster membership only, not team-name safety.Suggested fix
Source the existing validator and validate
TEAMunconditionally before any config-path resolution or database initialization:This preserves
--forcefor safe, not-yet-registered team names while preventing it from bypassing the team-name safety contract.Regression tests
Please add coverage in
tests/test_messaging.batsfor:agmsg_validate_team_name;--forceis supplied;config.jsonis not consulted and no message is inserted;--forcefor a safe, nonexistent team name;References
agmsg/scripts/send.sh
Lines 15 to 60 in f583856
agmsg/scripts/lib/validate.sh
Lines 19 to 47 in f583856