Allegro
78f0a5c01b
security: fix path traversal vulnerability (CVSS 9.1)
Add comprehensive path traversal detection and validation to prevent
unauthorized file access outside working directories.
Changes:
- tools/file_operations.py: Add _validate_safe_path(), _contains_path_traversal()
- Validate all paths in read_file(), write_file() before processing
- Detect patterns: ../, ..\, URL-encoded, null bytes, control chars
Fixes CWE-22: Path Traversal vulnerability where malicious paths like
../../../etc/shadow could access sensitive files.
CVSS: 9.1 (Critical)
Refs: V-002 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:17:09 +00:00
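The commit message describes two layers of defence: a lexical check for traversal patterns (`../`, `..\`, URL-encoded dot-dot, null bytes, control characters) and a validation step applied before `read_file()` / `write_file()` touch the filesystem. The block below is an added illustration of that approach written for this page; it is not Allegro's `_validate_safe_path()` or `_contains_path_traversal()`, and the function names, signatures and the `/tmp/allegro_work` sample directory are assumptions made for the example. It goes one step beyond a pure pattern match by also canonicalising the joined path with `os.path.realpath` and checking containment, which catches absolute paths and symlink escapes that a string check alone misses.

```python
"""Added example: base-directory path validation (illustrative, not
Allegro's own code). Function names and behaviour are assumptions."""
import os
import re
from urllib.parse import unquote

# Control characters (0x00-0x1f, 0x7f) are rejected outright; a NUL byte
# in particular can truncate the path at the OS boundary.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def contains_path_traversal(path: str) -> bool:
    """Lexical check: does the string carry a traversal or smuggling pattern?

    The path is percent-decoded twice so that single- and double-encoded
    dot-dot sequences (%2e%2e, %252e%252e) are both unmasked before the
    segment check runs. Both separator styles are treated alike.
    """
    if _CONTROL_CHARS.search(path):
        return True
    decoded = unquote(unquote(path))
    if _CONTROL_CHARS.search(decoded):
        return True
    segments = re.split(r"[\\/]+", decoded)
    return any(seg == ".." for seg in segments)


def validate_safe_path(base_dir: str, user_path: str) -> str:
    """Return the canonical absolute path if it stays inside base_dir.

    Raises ValueError otherwise. The lexical check alone is not enough
    (absolute paths and symlinks bypass it), so the joined path is
    resolved with realpath and compared against the resolved base.
    """
    if contains_path_traversal(user_path):
        raise ValueError(f"path traversal pattern rejected: {user_path!r}")
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when user_path is absolute; realpath
    # plus commonpath catches that case as an escape.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes working directory: {user_path!r}")
    return candidate


def is_safe_path(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper for callers that prefer a check over an exception."""
    try:
        validate_safe_path(base_dir, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs; the base directory need not exist,
    # realpath resolves non-existent paths lexically.
    base = "/tmp/allegro_work"
    for p in ["docs/readme.md", "../../../etc/shadow",
              "%2e%2e/%2e%2e/etc/shadow", "..\\..\\secrets",
              "notes\x00.txt", "/etc/shadow"]:
        print(f"{p!r:32} safe={is_safe_path(base, p)}")
```

Decoding twice is a deliberate bias toward rejection: a legitimate file name that contains a literal `%25` sequence may be refused, which is the safer failure for a tool that reads and writes files on a user's behalf. The canonical path returned by `validate_safe_path` is what the file operation should use, so the checked value and the opened value cannot diverge.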