WriteToFileTool Path Traversal Vulnerability Fix and PoC

# Vulnerability Summary ## Overview This vulnerability involves a file path traversal security issue. In `WriteToFileTool.ts`, the tool allows users to write files using relative paths (e.g., `../outside.txt`) or absolute paths (e.g., `/tmp/aicode-toolkit-poc.txt`) without properly restricting the path to remain within the current workspace. Attackers can exploit this vulnerability to write files outside the workspace, potentially leading to arbitrary file overwrites or sensitive information disclosure. ## Impact Scope - Affects the `WriteToFileTool` tool, which is used to write content to specified files. - The vulnerability exists in the path resolution logic, which lacks strict validation, allowing the workspace restriction to be bypassed. ## Remediation 1. **Enhanced Path Validation**: In the `resolveWorkspaceFilePath` method, add strict validation for paths to ensure they always remain within the workspace. - Use methods such as `path.relative` and `path.isAbsolute` to verify path validity. - If the path is outside the workspace, throw an error and prevent the write operation. 2. **Test Coverage**: Add unit test cases to verify the following scenarios: - Reject absolute paths that extend beyond the workspace. - Reject relative path traversals that extend beyond the workspace. - Ensure parent directories are automatically created when they do not exist. 3. **Code Example**: ```typescript private resolveWorkspaceFilePath(filePath: string): string { const workspaceRoot = path.resolve(process.cwd()); const resolvedPath = path.resolve(workspaceRoot, filePath); const relativeToWorkspace = path.relative(workspaceRoot, resolvedPath); const isWithinWorkspace = !relativeToWorkspace.startsWith('..') && !path.isAbsolute(relativeToWorkspace); if (!isWithinWorkspace) { throw new Error(`Path "${filePath}" is outside the workspace directory`); } return resolvedPath; } ``` ## POC Code ```typescript it('should reject absolute paths outside the workspace', async () => { const args = { file_path: '/tmp/aicode-toolkit-poc.txt', content: 'blocked', }; const ensureDirSpy = vi.spyOn(tool.fileSystemService, 'ensureDir'); const writeFileSpy = vi.spyOn(tool.fileSystemService, 'writeFile'); const result = await tool.execute(args); expect(result.isError).toBe(true); expect(result.content[0].text).toContain('outside the workspace directory'); expect(ensureDirSpy).not.toHaveBeenCalled(); expect(writeFileSpy).not.toHaveBeenCalled(); }); it('should reject relative traversal outside the workspace', async () => { const args = { file_path: '../outside.txt', content: 'blocked', }; const ensureDirSpy = vi.spyOn(tool.fileSystemService, 'ensureDir'); const writeFileSpy = vi.spyOn(tool.fileSystemService, 'writeFile'); const result = await tool.execute(args); expect(result.isError).toBe(true); expect(result.content[0].text).toContain('outside the workspace directory'); expect(ensureDirSpy).not.toHaveBeenCalled(); expect(writeFileSpy).not.toHaveBeenCalled(); }); ```

Goal Reached Thanks to every supporter — we hit 100%!

WriteToFileTool Path Traversal Vulnerability Fix and PoC

More from this source