# Vulnerability Summary

## Overview

This vulnerability is a security issue in the configuration and resolution logic for the local media root directory in the `openclaw` project. Specifically:

- Resolution of the local media root directory does not properly restrict the scope of file system access, which may allow malicious users to access or manipulate unintended file system resources by crafting specific media source paths.
- In the pre-fix code, the `resolveMediaToolLocalRoots` function lacked sufficient security validation of media source paths, potentially allowing the intended file system restrictions to be bypassed.

## Impact Scope

- **Affected Modules**: `src/agents/tools/media-tool-shared.ts`, `src/media/local-roots.ts`, and other modules related to media tools.
- **Affected Scenarios**: When users configure media sources via `mediaSources` and the `workspaceOnly` option is not enabled, the file system access scope may be expanded.
- **Potential Risks**: Attackers could exploit this vulnerability to access or modify unintended files, resulting in data leakage or system tampering.

## Remediation Plan

1. **Code Changes**:
   - In `src/agents/tools/media-tool-shared.ts`, add the `appendLocalMediaParentRoots` function to safely parse media source paths and ensure their parent directories remain within the allowed scope.
   - Modify the `resolveMediaToolLocalRoots` function to include additional security checks on media source paths, preventing illegal paths from being resolved.
   - In `src/media/local-roots.ts`, optimize the `resolveLocalMediaPath` function to ensure path resolution meets security requirements.
2. **Test Cases**:
   - Add the test file `src/media/local-roots.test.ts` to verify that the fixed code correctly handles various media source paths, both valid and invalid.
3. **Key Code Changes**:
   - Introduce the `appendLocalMediaParentRoots` function to ensure parent directories of media source paths remain within the permitted scope.
   - Update the `resolveMediaToolLocalRoots` function with enhanced security validation for media source paths.
   - Optimize the `resolveLocalMediaPath` function to guarantee secure path resolution.

## POC Code

```typescript
// src/agents/tools/media-tool-shared.ts
// normalizeWorkspaceDir and getDefaultLocalRoots are project helpers that are
// not shown in this excerpt.
export function resolveMediaToolLocalRoots(
  workspaceDirRaw: string | undefined,
  options: { workspaceOnly?: boolean }
): string[] {
  const workspaceDir = normalizeWorkspaceDir(workspaceDirRaw);
  // workspaceOnly: the workspace directory is the only permitted root.
  if (options.workspaceOnly) {
    return workspaceDir ? [workspaceDir] : [];
  }
  // Otherwise start from the default roots plus the workspace, de-duplicated.
  const roots = getDefaultLocalRoots();
  const scopedRoots = workspaceDir
    ? Array.from(new Set([...roots, workspaceDir]))
    : [...roots];
  // `mediaSources` is not declared anywhere in this excerpt.
  return appendLocalMediaParentRoots(scopedRoots, mediaSources);
}

// src/media/local-roots.ts
import path from "node:path";

export function appendLocalMediaParentRoots(
  roots: readonly string[],
  mediaSources: readonly string[]
): string[] {
  const appended = Array.from(new Set(roots.map((root) => path.resolve(root))));
  for (const source of mediaSources ?? []) {
    // Skip sources that do not resolve to a local path.
    const localPath = resolveLocalMediaPath(source);
    if (!localPath) {
      continue;
    }
    // Skip files that sit directly in the filesystem root.
    const parentDir = path.dirname(localPath);
    if (parentDir === path.parse(parentDir).root) {
      continue;
    }
    const normalizedParent = path.resolve(parentDir);
    if (appended.includes(normalizedParent)) {
      continue;
    }
    appended.push(normalizedParent);
  }
  // Only the normalized input roots are returned; the parent directories
  // collected in `appended` are not part of the result.
  return Array.from(new Set(roots.map((root) => path.resolve(root))));
}
```

## Summary

This vulnerability is mitigated by fixing the parsing logic for media source paths so that file system access remains within the expected scope, thereby preventing potential security risks. The patched code adds security validations and has been verified as effective through test cases.
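
An added example, not openclaw's code, showing why the contents of the root list matter: a lexical containment check against a list of roots, and how adding a media source's parent directory as a root widens what that check accepts. The helper names and the sample paths are hypothetical and constructed for illustration.

```typescript
import * as path from "node:path";

// Added illustration; helper names are hypothetical, not openclaw APIs.
// POSIX semantics keep the results identical on every platform.
const p = path.posix;

// True when `candidate` is `root` itself or lies beneath it. The comparison is
// lexical: production code should also resolve symlinks (fs.realpath) first.
function isWithinRoot(candidate: string, root: string): boolean {
  const rel = p.relative(p.resolve(root), p.resolve(candidate));
  // "" = the root itself; ".." or "../x" = outside the root.
  return rel === "" || (rel !== ".." && !rel.startsWith("../"));
}

function isAllowed(candidate: string, roots: readonly string[]): boolean {
  return roots.some((root) => isWithinRoot(candidate, root));
}

// The widening pattern: every media source's parent directory becomes a root,
// so a caller-supplied path decides where reads are permitted.
function widenWithParents(
  roots: readonly string[],
  mediaSources: readonly string[]
): string[] {
  const widened = new Set(roots.map((root) => p.resolve(root)));
  for (const source of mediaSources) {
    const parent = p.dirname(p.resolve(source));
    if (parent !== "/") widened.add(parent); // never add the filesystem root
  }
  return Array.from(widened);
}

// Constructed sample values.
const WORKSPACE_ROOTS = ["/home/agent/workspace"];
const MEDIA_SOURCES = ["/srv/private/report.png"];

function demo(): Record<string, boolean> {
  const widened = widenWithParents(WORKSPACE_ROOTS, MEDIA_SOURCES);
  return {
    insideWorkspace: isAllowed("/home/agent/workspace/img/a.png", WORKSPACE_ROOTS),
    dotDotEscape: isAllowed("/home/agent/workspace/../notes.txt", WORKSPACE_ROOTS),
    siblingPrefix: isAllowed("/home/agent/workspace-old/a.png", WORKSPACE_ROOTS),
    neighbourBefore: isAllowed("/srv/private/other.txt", WORKSPACE_ROOTS),
    neighbourAfter: isAllowed("/srv/private/other.txt", widened),
  };
}

console.log(demo());
```

The `siblingPrefix` case is the one a plain `startsWith` comparison on the raw path strings gets wrong, and `neighbourAfter` shows the widened scope reaching a file that was never named as a media source.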