Fix path traversal in LocalEnvironment._resolve_path

Add containment check using pathlib.Path.resolve() and relative_to() to
prevent directory traversal attacks. Previously, absolute paths were
returned without validation, and relative paths using ../ could escape
the workspace directory boundary.

Fixes #5869

Author: Ashutosh0x

src/google/adk/environment/_local_environment.py

@@ -20,6 +20,7 @@
 import logging
 import os
 from pathlib import Path
+from pathlib import Path as PathLib
 import shutil
 import tempfile
 from typing import Optional
@@ -139,11 +140,20 @@ async def write_file(self, path: str | Path, content: str | bytes) -> None:
     return await asyncio.to_thread(self._sync_write, resolved, content)
 
   def _resolve_path(self, path: str | Path) -> str:
-    """Resolve a relative path against the working directory."""
-    path = str(path)
-    if os.path.isabs(path):
-      return path
-    return os.path.join(self._working_dir, path)
+    """Resolve path against working directory and check for directory traversal."""
+    working_dir = PathLib(self._working_dir).resolve()
+    target = PathLib(str(path))
+    if not target.is_absolute():
+      target = working_dir / target
+    resolved_target = target.resolve()
+    try:
+      resolved_target.relative_to(working_dir)
+    except ValueError:
+      raise PermissionError(
+          f"Access denied: path '{path}' resolves outside the workspace"
+          f" directory '{working_dir}'."
+      )
+    return str(resolved_target)
 
   @staticmethod
   def _sync_read(path: str) -> bytes: