fix(security): harden skill ID validation and installation paths#444
fix(security): harden skill ID validation and installation paths#444yacosta738 wants to merge 1 commit into
Conversation
Harden AgentSync against path traversal vulnerabilities during skill
installation and updates by implementing a defense-in-depth approach.
1. Modified `src/skills/install.rs`: Added validation to `install_from_dir`
to ensure the `skill_id` corresponds to exactly one safe path component.
2. Modified `src/commands/skill.rs`: Hardened `validate_skill_id` to use a
strict whitelist (alphanumeric, hyphens, underscores) for skill IDs.
3. Added unit tests in `src/commands/skill.rs` and a regression test in
`tests/test_security.rs`.
These changes ensure that even if malicious configuration or input is
provided, skill installation cannot escape the intended target directory.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis PR strengthens skill ID validation to prevent path traversal attacks. The ChangesSkill ID Path Traversal Prevention
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
1 participant
User's Goal
Harden AgentSync against path traversal vulnerabilities by strictly validating skill IDs during installation and updates.
Severity
CRITICAL
Vulnerability
Path traversal during skill installation. Malicious configurations could provide skill IDs like
../escape, allowing the tool to create directories or files outside the intended.agents/skills/directory.Impact
An attacker with control over
agentsync.tomlor providing malicious skill IDs to the CLI could potentially overwrite sensitive files or create unauthorized directories on the user's filesystem.Fix
Implemented a two-layered defense:
src/commands/skill.rs), skill IDs are now restricted to a safe set of characters (alphanumeric, hyphens, and underscores).src/skills/install.rs), theinstall_from_dirfunction now validates that the providedskill_idresolves to exactly one "Normal" path component, preventing any traversal attempts even if the CLI whitelist were bypassed.Source
src/commands/skill.rs:validate_skill_idsrc/skills/install.rs:install_from_dirVerification
src/commands/skill.rsverify the hardenedvalidate_skill_idlogic.test_skill_install_id_traversalintests/test_security.rsconfirms that traversal attempts in skill IDs are correctly rejected during installation.cargo clippyandcargo fmt.PR created automatically by Jules for task 10869251960065621527 started by @yacosta738