You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(api): stop canonical path matching at the project boundary
_canonical_file_path followed escaping symlinks with os.scandir before the
post-canonicalization containment check rejected the request: on a
case-sensitive filesystem a wrong-cased request like 'LINK/secret.md' passes
the pre-check (the path does not exist, so resolve() never follows the real
'link' symlink), and segment matching then descended through 'link' and
scanned the outside directory — an information touch beyond the project
boundary even though the request was ultimately rejected.
Re-check the boundary at every traversal step: before scanning the current
directory, its fully-resolved path must still be contained in the resolved
project home; bail with None the moment resolution escapes. The
post-canonicalization checks remain as defense in depth, and symlinks whose
targets stay inside the project keep canonicalizing as before.
Regression tests spy on os.scandir to prove the outside directory is never
scanned (meaningful on case-insensitive macOS too, where the pre-check
already rejects the request), and exercise the boundary bail directly so it
is covered on every filesystem.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: phernandez <paul@basicmachines.co>
0 commit comments