🛡️ Sentinel: [HIGH] Fix path traversal in URL interpolation

plan.md

@@ -0,0 +1,9 @@
+1. **Identify the vulnerability:** The vulnerability is described in `.jules/sentinel.md` as "2025-05-23 - [HIGH] Path Traversal in Composite Tool Execution". `CompositeExecutor.resolvePath` does not securely encode user input before substituting it into the API path template. It uses `encodeURIComponent()`, which is a start, but it doesn't escape `.`, which means input like `../admin` can result in path traversal like `/projects/..%2Fadmin`, which a backend server may normalize to `/admin`.
+2. **Review existing solution:** `src/mcp/mcp-server.ts` already has an implementation in `encodePathSegment` that does `return val.includes('/') ? encodeURIComponent(val) : val;`. Wait, that doesn't handle `..` either. Actually, the prompt says: "When interpolating user input into URL paths (e.g., in `CompositeExecutor`), use `encodeURIComponent(value).replace(/\./g, '%2E')` instead of just `encodeURIComponent` to prevent path traversal vulnerabilities, as `encodeURIComponent` does not encode dot (`.`) characters."
+3. **Plan:**
+   - Modify `src/tooling/composite-executor.ts`'s `resolvePath` method to use `encodeURIComponent(value).replace(/\./g, '%2E')` instead of `encodeURIComponent`.
+   - Wait, `mcp-server.ts` also has a `resolvePath` method that uses `encodePathSegment`. I should probably update that too if it's doing path segment encoding, but let me check if `CompositeExecutor` is the main focus based on the Sentinel journal and test case. The test `src/tooling/composite-executor-security.test.ts` specifically tests `CompositeExecutor`.
+   - Update `CompositeExecutor` to securely encode path parameters.
+   - Run tests to verify the fix works and doesn't break other things.
+   - Complete pre-commit instructions.
+   - Submit.

src/mcp/mcp-server.ts

@@ -1107,7 +1107,7 @@ export class MCPServer {
    */
   private encodePathSegment(value: unknown): string {
     const val = String(value);
-    return val.includes('/') ? encodeURIComponent(val) : val;
+    return val.includes('/') ? encodeURIComponent(val).replace(/\./g, '%2E') : val.replace(/\./g, '%2E');
   }
 
   /**

src/tooling/composite-executor-security.test.ts

@@ -67,7 +67,7 @@ describe('CompositeExecutor Security', () => {
     // Fixed behavior: path contains encoded "%2E%2E"
     // Note: encodeURIComponent('../admin/secrets') => ..%2Fadmin%2Fsecrets
     // The slashes inside the injected value are encoded, preventing directory traversal
-    const expectedFixedPath = '/users/..%2Fadmin%2Fsecrets/profile';
+    const expectedFixedPath = '/users/%2E%2E%2Fadmin%2Fsecrets/profile';
 
     expect(capturedPaths[0]).toBe(expectedFixedPath);
   });

src/tooling/composite-executor.ts

@@ -171,14 +171,14 @@ export class CompositeExecutor {
     return template.replace(/\{(\w+)\}/g, (_, key) => {
       // Try direct match first
       if (args[key] !== undefined) {
-        return encodeURIComponent(String(args[key]));
+        return encodeURIComponent(String(args[key])).replace(/\./g, '%2E');
       }
 
       // Try aliases from profile
       const possibleAliases = this.parameterAliases[key] || [];
       for (const alias of possibleAliases) {
         if (args[alias] !== undefined) {
-          return encodeURIComponent(String(args[alias]));
+          return encodeURIComponent(String(args[alias])).replace(/\./g, '%2E');
         }
       }