haitham/claw3d
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6666be06524ef250a5dfbf94315cff75b228933e
claw3d/src
T
History
Nix 6666be0652 fix(security): resolve symlinks in path-suggestions home directory check (fixes #52) (#54) 
The isWithinHome() check used path.relative() which is purely string-based
and does not follow symlinks. A symlink inside the home directory pointing
to an external path would bypass the containment check, allowing directory
listing of arbitrary filesystem locations.

Now uses fs.realpathSync() to resolve symlinks before the containment
comparison, ensuring the real filesystem path is validated.

Co-authored-by: ThankNIXlater <ThankNIXlater@users.noreply.github.com>
2026-03-24 11:03:24 -05:00
..
app
fix(security): resolve symlinks in path-suggestions home directory check (fixes #52) (#54)
2026-03-24 11:03:24 -05:00
components
First Release of Claw3D (#11)
2026-03-19 23:14:04 -05:00
features
feat(ui): improve visual polish, responsiveness, and accessibility (#58)
2026-03-24 10:55:19 -05:00
hooks
Avatar Customization + Update Agent Brain (#23)
2026-03-20 23:05:14 -05:00
lib
Add office agent management wizard (#56)
2026-03-23 18:04:37 -05:00
instrumentation.ts
First Release of Claw3D (#11)
2026-03-19 23:14:04 -05:00