
[codex] harden local mount path resolution #38

Merged
philipnee merged 1 commit into main from hardening/01-mount-realpath
Apr 29, 2026

@philipnee
Owner

Why

Local folder mounts must not allow symlink paths inside a mount to escape the configured root. The mount-only runtime now owns filesystem access directly, so this check is security-critical.

What changed

  • Added realpath containment checks before list/read/write/remove operations.
  • Validates missing write targets against their nearest existing ancestor so writes through symlinked parent directories are rejected.
  • Skips listed entries whose real path resolves outside the mount root.
  • Added symlink escape tests for direct provider access and text-index access.

How

The storage provider now resolves the mount root and candidate paths through fs.realpath(). Existing targets must resolve under the mount root; missing write targets must have an existing ancestor that resolves under the mount root.

Changed files

  • src/context/storage-provider.ts - realpath containment checks for local folder operations.
  • tests/storage-provider.test.ts - direct symlink escape coverage.
  • tests/text-index.test.ts - index/read/write symlink escape coverage.

Verification

npm run verify
verify passed

@philipnee philipnee merged commit 58a671c into main Apr 29, 2026
7 checks passed
@philipnee philipnee deleted the hardening/01-mount-realpath branch April 29, 2026 14:31
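
The containment rule this PR describes, as an added example rather than the project's code from `src/context/storage-provider.ts`: existing targets must resolve under the mount root, and missing write targets are judged by their nearest existing ancestor. The names `isUnder`, `nearestExisting`, `resolveInsideMount` and the temp-directory fixture are hypothetical, and the sketch uses the synchronous `fs.realpathSync()` instead of `fs.realpath()`.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// True when `child` is `root` or lies beneath it; both must already be real paths.
function isUnder(root: string, child: string): boolean {
  const rel = path.relative(root, child);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Walk up until an entry exists. lstat is used so a dangling symlink still counts as existing.
function nearestExisting(p: string): string {
  for (let probe = p; ; probe = path.dirname(probe)) {
    try { fs.lstatSync(probe); return probe; } catch { /* missing: try the parent */ }
    if (path.dirname(probe) === probe) return probe;
  }
}

// Hypothetical helper (not the project's API): returns a resolved path or throws.
function resolveInsideMount(mountRoot: string, requested: string): string {
  const realRoot = fs.realpathSync(mountRoot);
  const candidate = path.resolve(realRoot, requested);
  const anchor = nearestExisting(candidate);
  let realAnchor: string;
  try { realAnchor = fs.realpathSync(anchor); }
  catch { throw new Error(`unresolvable link in path: ${requested}`); }
  if (!isUnder(realRoot, realAnchor)) throw new Error(`path escapes mount root: ${requested}`);
  // Re-attach the not-yet-existing tail (empty for existing targets) to the real ancestor.
  return path.join(realAnchor, path.relative(anchor, candidate));
}

// Constructed fixture: a mount holding one file, a directory symlink and a dangling symlink.
function demo(): Record<string, boolean> {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "mount-demo-")));
  const root = path.join(base, "mount"), outside = path.join(base, "outside");
  fs.mkdirSync(root); fs.mkdirSync(outside);
  fs.writeFileSync(path.join(root, "notes.txt"), "ok");
  fs.symlinkSync(outside, path.join(root, "link")); // directory link leaving the mount
  fs.symlinkSync(path.join(outside, "missing"), path.join(root, "dangling"));
  const ok = (p: string): boolean => { try { resolveInsideMount(root, p); return true; } catch { return false; } };
  const paths = ["notes.txt", "new/dir/file.txt", "link/new.txt", "dangling", "../outside/x"];
  const result: Record<string, boolean> = {};
  for (const p of paths) result[p] = ok(p);
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}

console.log(demo());
```

The check and the later file operation are separate steps, so a path that is swapped between them is not covered by this sketch.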