π‘οΈ Sentinel: [HIGH] Fix path traversal bypass in Lua sandbox#152
π‘οΈ Sentinel: [HIGH] Fix path traversal bypass in Lua sandbox#152mleem97 wants to merge 1 commit into
Conversation
Appended trailing Path.DirectorySeparatorChar to base directories before performing StartsWith boundary checks, and allowed exact path matches using .Equals() against the trimmed directory. This prevents prefix-matching path traversal bypasses where an attacker could access directories like /mods/modA_secret by passing a check meant for /mods/modA.
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
π¨ Severity: HIGH
π‘ Vulnerability: Path traversal sandbox bypass where
StartsWithchecks against un-terminated directory paths allowed access to sibling directories with matching prefixes (e.g./mods/modAbypass check matched/mods/modA_secret).π― Impact: Malicious Lua mods could read, write or require files outside of their designated sandboxes, potentially compromising other mods or system data.
π§ Fix: Appended trailing
Path.DirectorySeparatorCharto base directories before performingStartsWithboundary checks, and allowed exact path matches.β Verification: Verified unit tests pass and test script validating safe and unsafe paths behaves properly.
PR created automatically by Jules for task 16472770680021782703 started by @mleem97