From 063e28feb489df8022dbf79e580543b4bae3b1dc Mon Sep 17 00:00:00 2001
From: zerone0x <hi@trine.dev>
Date: Fri, 27 Mar 2026 00:08:20 +0800
Subject: [PATCH] fix: prevent path traversal in exportEnvironmentFile

Add boundary check after filepath.Join to ensure the resolved file path
stays within the worktree directory. Without this validation, a malicious
target_file like "../../.bashrc" could write files outside the worktree
on the host filesystem via the environment_file_write MCP tool.

Fixes #337

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 repository/git.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/repository/git.go b/repository/git.go
index 55dacfbb..71ca9cc5 100644
--- a/repository/git.go
+++ b/repository/git.go
@@ -376,6 +376,12 @@ func (r *Repository) exportEnvironmentFile(ctx context.Context, env *environment
 	// Get the absolute path for the file in the worktree
 	absoluteFilePath := filepath.Join(worktreePath, filePath)
 
+	// Validate the resolved path stays within the worktree to prevent path traversal
+	rel, err := filepath.Rel(worktreePath, absoluteFilePath)
+	if err != nil || strings.HasPrefix(rel, "..") {
+		return fmt.Errorf("path traversal detected: %s resolves outside worktree", filePath)
+	}
+
 	// Ensure the directory exists
 	if err := os.MkdirAll(filepath.Dir(absoluteFilePath), 0755); err != nil {
 		return fmt.Errorf("failed to create directory for file %s: %w", filePath, err)