Add path-containment validation for resolved skill directories

samuv · samuv · commit cccfacf28098 · 2026-04-13T09:34:49.000+02:00
Apply filepath.Clean at path resolution time and validate against
traversal segments before any filesystem operation.
diff --git a/pkg/skills/skillsvc/skillsvc.go b/pkg/skills/skillsvc/skillsvc.go
@@ -1247,6 +1247,7 @@ func (s *service) resolveAndValidateClients(
 			}
 			return nil, nil, fmt.Errorf("resolving skill path for client %q: %w", ct, err)
 		}
+		dir = filepath.Clean(dir)
 		if err := validateResolvedDir(dir); err != nil {
 			return nil, nil, fmt.Errorf("resolved path for client %q is unsafe: %w", ct, err)
 		}
@@ -1276,6 +1277,7 @@ func (s *service) expandToExistingClients(
 		if err != nil {
 			return nil, nil, fmt.Errorf("resolving skill path for existing client %q: %w", ct, err)
 		}
+		dir = filepath.Clean(dir)
 		if err := validateResolvedDir(dir); err != nil {
 			return nil, nil, fmt.Errorf("resolved path for client %q is unsafe: %w", ct, err)
 		}
@@ -1284,15 +1286,13 @@ func (s *service) expandToExistingClients(
 	return allClients, allDirs, nil
 }
 
-// validateResolvedDir ensures a directory path returned by the PathResolver is
-// clean, absolute, and free of path-traversal segments. This provides
-// defense-in-depth against tainted paths reaching filesystem operations.
+// validateResolvedDir ensures a directory path is absolute and free of
+// path-traversal segments. Callers must pass a filepath.Clean'd value.
 func validateResolvedDir(dir string) error {
-	cleaned := filepath.Clean(dir)
-	if !filepath.IsAbs(cleaned) {
+	if !filepath.IsAbs(dir) {
 		return fmt.Errorf("path must be absolute, got %q", dir)
 	}
-	for _, seg := range strings.Split(filepath.ToSlash(cleaned), "/") {
+	for _, seg := range strings.Split(filepath.ToSlash(dir), "/") {
 		if seg == ".." {
 			return fmt.Errorf("path contains traversal segment: %q", dir)
 		}

Original file line number	Diff line number	Diff line change
`@@ -1247,6 +1247,7 @@ func (s *service) resolveAndValidateClients(`
`1247`	`1247`	`}`
`1248`	`1248`	`return nil, nil, fmt.Errorf("resolving skill path for client %q: %w", ct, err)`
`1249`	`1249`	`}`
	`1250`	`+ dir = filepath.Clean(dir)`
`1250`	`1251`	`if err := validateResolvedDir(dir); err != nil {`
`1251`	`1252`	`return nil, nil, fmt.Errorf("resolved path for client %q is unsafe: %w", ct, err)`
`1252`	`1253`	`}`
`@@ -1276,6 +1277,7 @@ func (s *service) expandToExistingClients(`
`1276`	`1277`	`if err != nil {`
`1277`	`1278`	`return nil, nil, fmt.Errorf("resolving skill path for existing client %q: %w", ct, err)`
`1278`	`1279`	`}`
	`1280`	`+ dir = filepath.Clean(dir)`
`1279`	`1281`	`if err := validateResolvedDir(dir); err != nil {`
`1280`	`1282`	`return nil, nil, fmt.Errorf("resolved path for client %q is unsafe: %w", ct, err)`
`1281`	`1283`	`}`
`@@ -1284,15 +1286,13 @@ func (s *service) expandToExistingClients(`
`1284`	`1286`	`return allClients, allDirs, nil`
`1285`	`1287`	`}`
`1286`	`1288`
`1287`		`-// validateResolvedDir ensures a directory path returned by the PathResolver is`
`1288`		`-// clean, absolute, and free of path-traversal segments. This provides`
`1289`		`-// defense-in-depth against tainted paths reaching filesystem operations.`
	`1289`	`+// validateResolvedDir ensures a directory path is absolute and free of`
	`1290`	`+// path-traversal segments. Callers must pass a filepath.Clean'd value.`
`1290`	`1291`	`func validateResolvedDir(dir string) error {`
`1291`		`- cleaned := filepath.Clean(dir)`
`1292`		`- if !filepath.IsAbs(cleaned) {`
	`1292`	`+ if !filepath.IsAbs(dir) {`
`1293`	`1293`	`return fmt.Errorf("path must be absolute, got %q", dir)`
`1294`	`1294`	`}`
`1295`		`- for _, seg := range strings.Split(filepath.ToSlash(cleaned), "/") {`
	`1295`	`+ for _, seg := range strings.Split(filepath.ToSlash(dir), "/") {`
`1296`	`1296`	`if seg == ".." {`
`1297`	`1297`	`return fmt.Errorf("path contains traversal segment: %q", dir)`
`1298`	`1298`	`}`