Workspace Directory Escape Vulnerability
Version: v0.1.0
Issue:
Workspace path validation does not constrain access. Extensions can use ../../../ to read/write arbitrary host files.
Impact:
- Extensions can read /etc/passwd
- Extensions can access ./ssh keys
- Security bypass
Files:
src-tauri/src/extensions/plugin_api.rs:203: let resolved = resolve_workspace_path(workspace_root, relative_path)?;
src-tauri/src/extensions/plugin_api.rs:218: let resolved = resolve_workspace_path(workspace_root, relative_path)?;
Attack:
workspace.resolve_path("../../../../../etc/passwd")
Reads: /etc/passwd
Recommendation:
Use canonicalize() and verify starts with workspace root.
Severity: HIGH
Workspace Directory Escape Vulnerability
Version: v0.1.0
Issue:
Workspace path validation does not constrain access. Extensions can use ../../../ to read/write arbitrary host files.
Impact:
Files:
src-tauri/src/extensions/plugin_api.rs:203: let resolved = resolve_workspace_path(workspace_root, relative_path)?;
src-tauri/src/extensions/plugin_api.rs:218: let resolved = resolve_workspace_path(workspace_root, relative_path)?;
Attack:
workspace.resolve_path("../../../../../etc/passwd")
Reads: /etc/passwd
Recommendation:
Use canonicalize() and verify starts with workspace root.
Severity: HIGH