Skip to content

fix(security): contain skill file writes within the skill directory#95

Merged
albertodebortoli merged 1 commit into
mainfrom
security/contain-skill-writes
Jun 13, 2026
Merged

fix(security): contain skill file writes within the skill directory#95
albertodebortoli merged 1 commit into
mainfrom
security/contain-skill-writes

Conversation

@albertodebortoli

@albertodebortoli albertodebortoli commented Jun 13, 2026

Copy link
Copy Markdown
Member

Description

  • What & why: When installing skills via the native pipeline, Luca writes each downloaded skill file to skillFolder.appendingPathComponent(skillFile.relativePath). The relative path originates from a remote repository. Git itself will not normally produce .. path components, but there was no defensive check that the resolved write path stays inside the skill directory, leaving a path-traversal sink fed by remote data.
  • Fix: Installer now verifies each skill file's resolved path is contained within the skill cache directory before writing, throwing unsafeSkillPath for any entry that escapes via ... Containment is computed lexically with standardizedFileURL, so it is safe to evaluate before the file exists.
  • Trade-offs: Pure defence-in-depth; no effect on well-formed skill repositories.

Type of Change

  • Bug fix
  • Feature
  • Maintenance / Refactor
  • Documentation
  • CI / Tooling
  • Other (specify)

How Has This Been Tested?

swift build and swift test locally on macOS (arm64).

  • Added / updated unit tests
  • Manually tested locally
  • Tested on macOS (arch: arm64)

New test: a skill download whose file carries a ../../escaped.txt relative path is rejected, and the install confirms nothing is written outside the skill cache folder.

Checklist

  • Swift code builds locally (swift build)
  • Tests pass locally (swift test)
  • Code style / formatting respected
  • Documentation updated (DocC comments on the new error case and helper)

Breaking Changes?

  • No

Additional Notes

Part of a set of independent supply-chain hardening changes; this PR stands alone and can be merged on its own.

@albertodebortoli albertodebortoli added this to the 0.21.0 milestone Jun 13, 2026
@albertodebortoli albertodebortoli added the security Security fixes label Jun 13, 2026
@codecov

codecov Bot commented Jun 13, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@albertodebortoli
fix(security): contain skill file writes within the skill directory
e57ff3b 
Installer now verifies each skill file's resolved path stays inside the skill
cache directory before writing it, throwing unsafeSkillPath for any '..'
traversal in a remote-supplied relative path. Defence-in-depth against a
malicious skill repository attempting path traversal.
@albertodebortoli albertodebortoli force-pushed the security/contain-skill-writes branch from b65eda2 to e57ff3b Compare June 13, 2026 21:38
@albertodebortoli albertodebortoli marked this pull request as ready for review June 13, 2026 21:44
@albertodebortoli albertodebortoli merged commit f405f8f into main Jun 13, 2026
3 checks passed
@albertodebortoli albertodebortoli deleted the security/contain-skill-writes branch June 13, 2026 21:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security Security fixes

Projects

None yet

Milestone

0.21.0

Development

Successfully merging this pull request may close these issues.

1 participant

@albertodebortoli