Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 660e1ed

Browse files
committed
fix(harness): strip Windows drive prefix in SANDBOXED resolveSandboxed
LocalFilesystemModeTest expected SANDBOXED mode to silently re-root absolute paths under the workspace (returning a "not found" error from read), but Windows drive-letter paths like "C:\Users\...\secret.txt" slipped past the leading-"/" peel and stayed absolute, so cwd.resolve() returned the original absolute path and the !startsWith(cwd) check threw SecurityException. Strip the drive prefix ("C:\" / "C:/") in resolveSandboxed so the remainder is a relative path that resolves under cwd the same way Unix absolute inputs do. No-op on Unix; matches the test's documented "absolute path becomes a non-existent relative under the root" intent.
1 parent 1719031 commit 660e1ed

1 file changed

Lines changed: 13 additions & 1 deletion

File tree

agentscope-harness/src/main/java/io/agentscope/harness/agent/filesystem/local/LocalFilesystem.java

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -612,13 +612,25 @@ private Path resolveSandboxed(String effectiveKey) {
612612
if (vpath.contains("..") || vpath.startsWith("~")) {
613613
throw new SecurityException("Path traversal not allowed");
614614
}
615-
Path full = cwd.resolve(vpath.substring(1)).normalize();
615+
// Strip Windows drive prefix ("C:\" / "C:/") so absolute Windows paths get re-rooted
616+
// under the sandbox the same way Unix absolute paths do; no-op on Unix input.
617+
Path full = cwd.resolve(stripWindowsDrive(vpath.substring(1))).normalize();
616618
if (!full.startsWith(cwd)) {
617619
throw new SecurityException("Path " + full + " outside root directory: " + cwd);
618620
}
619621
return full;
620622
}
621623

624+
private static String stripWindowsDrive(String key) {
625+
if (key.length() >= 3
626+
&& Character.isLetter(key.charAt(0))
627+
&& key.charAt(1) == ':'
628+
&& (key.charAt(2) == '\\' || key.charAt(2) == '/')) {
629+
return key.substring(3);
630+
}
631+
return key;
632+
}
633+
622634
private Path resolveRooted(String effectiveKey) {
623635
Path target = Path.of(effectiveKey);
624636
if (target.isAbsolute()) {

0 commit comments

Comments
 (0)