Commit Graph

6 Commits

Author SHA1 Message Date
Verify User
17b8a9a561 fix(security): canonicalize Claude image attachment reads
Resolve image attachment paths with realpath before reading so symlinks inside allowed roots cannot escape to arbitrary files. Preserve support for symlinked project/upload roots and skip invalid descriptors instead of failing the provider turn.
2026-07-06 23:24:17 +03:00
Haileyesus
baf45b7282 fix(security): canonicalize Claude image attachment reads
Resolve image attachment paths with realpath before reading so symlinks
inside allowed roots cannot escape to arbitrary files. Preserve support for
symlinked project/upload roots and add focused coverage for both cases.
2026-07-06 23:03:52 +03:00
Haileyesus
98e6cf2ba9 fix: use CodeQL-recognized containment check for image reads
Replace the path.relative guard in isPathInsideDirectory with the
resolve + startsWith(root + sep) idiom so the path-injection barrier
is visible to code scanning; behavior is unchanged.
2026-07-06 21:37:15 +03:00
Haileyesus
417fe11718 fix: address code scanning findings
- enforce a second image trust boundary in the provider builders:
  buildClaudeUserContent/buildCodexInputItems only accept files inside
  the upload store or the run's working directory (CodeQL path
  injection)
- drop an always-true selectedProject check in handleSubmit
- remove the unused resume option from spawnCursor
2026-07-06 21:22:30 +03:00
Haileyesus
4e423f5fa2 fix: remove gemini support since google discontinued it 2026-07-06 17:01:29 +03:00
Haileyesus
a253a2bda4 feat: support attached images for all providers 2026-07-06 13:32:06 +03:00