Harden gateway auth and file boundaries

2026-05-04 20:27:30 +08:00 · 2026-03-15 15:31:00 +08:00
parent 617f7cc0f1
commit ba95aeed35
16 changed files with 587 additions and 91 deletions
--- a/pkg/tools/filesystem_security_test.go
+++ b/pkg/tools/filesystem_security_test.go
@@ -0,0 +1,44 @@
+package tools
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestResolveToolPathRejectsAbsolutePath(t *testing.T) {
+	t.Parallel()
+
+	base := t.TempDir()
+	if _, err := resolveToolPath(base, "/tmp/outside.txt"); err == nil {
+		t.Fatalf("expected absolute path to be rejected")
+	}
+}
+
+func TestResolveToolPathRejectsTraversal(t *testing.T) {
+	t.Parallel()
+
+	base := t.TempDir()
+	if _, err := resolveToolPath(base, "../outside.txt"); err == nil {
+		t.Fatalf("expected traversal path to be rejected")
+	}
+}
+
+func TestReadFileToolAllowsWorkspaceRelativePath(t *testing.T) {
+	t.Parallel()
+
+	base := t.TempDir()
+	path := filepath.Join(base, "notes.txt")
+	if err := os.WriteFile(path, []byte("hello"), 0o644); err != nil {
+		t.Fatalf("write fixture: %v", err)
+	}
+	tool := NewReadFileTool(base)
+	got, err := tool.Execute(context.Background(), map[string]interface{}{"path": "notes.txt"})
+	if err != nil {
+		t.Fatalf("read file: %v", err)
+	}
+	if got != "hello" {
+		t.Fatalf("unexpected content %q", got)
+	}
+}