fix: validate agent toml boundaries
This commit is contained in:
Yoilun
@@ -61,6 +61,15 @@ func (s Store) readOne(fileName string) AgentDefinition {
|
||||
def.ParseError = err.Error()
|
||||
return def
|
||||
}
|
||||
if info, err := os.Lstat(safePath); err != nil {
|
||||
def.ParseStatus = "invalid"
|
||||
def.ParseError = err.Error()
|
||||
return def
|
||||
} else if info.Mode()&os.ModeSymlink != 0 {
|
||||
def.ParseStatus = "invalid"
|
||||
def.ParseError = codexhome.ErrForbiddenPath.Error()
|
||||
return def
|
||||
}
|
||||
info, statErr := os.Stat(safePath)
|
||||
if statErr == nil {
|
||||
def.ModifiedAt = info.ModTime()
|
||||
@@ -109,6 +118,12 @@ func parseSimpleTOML(input string) (map[string]string, error) {
|
||||
if key == "" {
|
||||
return values, fmt.Errorf("第 %d 行缺少字段名", lineNumber)
|
||||
}
|
||||
if !isValidBareKey(key) {
|
||||
return values, fmt.Errorf("第 %d 行包含无效字段名", lineNumber)
|
||||
}
|
||||
if _, exists := values[key]; exists {
|
||||
return values, fmt.Errorf("第 %d 行重复字段名 %q", lineNumber, key)
|
||||
}
|
||||
|
||||
value, err := parseTOMLString(raw, scanner)
|
||||
if err != nil {
|
||||
@@ -122,6 +137,25 @@ func parseSimpleTOML(input string) (map[string]string, error) {
|
||||
return values, nil
|
||||
}
|
||||
|
||||
func isValidBareKey(key string) bool {
|
||||
for _, char := range key {
|
||||
if char >= 'a' && char <= 'z' {
|
||||
continue
|
||||
}
|
||||
if char >= 'A' && char <= 'Z' {
|
||||
continue
|
||||
}
|
||||
if char >= '0' && char <= '9' {
|
||||
continue
|
||||
}
|
||||
if char == '_' || char == '-' {
|
||||
continue
|
||||
}
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func parseTOMLString(raw string, scanner *bufio.Scanner) (string, error) {
|
||||
if strings.HasPrefix(raw, `"""`) {
|
||||
block := strings.TrimPrefix(raw, `"""`)
|
||||
|
||||
@@ -72,6 +72,54 @@ func TestListAgentsReportsParseError(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestListAgentsReportsDuplicateKeyAsParseError(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
agentsDir := filepath.Join(root, "agents")
|
||||
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
content := "name = \"a\"\nname = \"b\"\n"
|
||||
if err := os.WriteFile(filepath.Join(agentsDir, "duplicate.toml"), []byte(content), 0o644); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
store := Store{CodexHome: root}
|
||||
got, err := store.List()
|
||||
if err != nil {
|
||||
t.Fatalf("List should return parse status, not fatal error: %v", err)
|
||||
}
|
||||
if len(got) != 1 {
|
||||
t.Fatalf("agent count = %d, want 1", len(got))
|
||||
}
|
||||
if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
|
||||
t.Fatalf("expected duplicate key to be invalid, got %#v", got[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestListAgentsReportsInvalidKeyAsParseError(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
agentsDir := filepath.Join(root, "agents")
|
||||
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
content := "bad key = \"value\"\n"
|
||||
if err := os.WriteFile(filepath.Join(agentsDir, "bad-key.toml"), []byte(content), 0o644); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
store := Store{CodexHome: root}
|
||||
got, err := store.List()
|
||||
if err != nil {
|
||||
t.Fatalf("List should return parse status, not fatal error: %v", err)
|
||||
}
|
||||
if len(got) != 1 {
|
||||
t.Fatalf("agent count = %d, want 1", len(got))
|
||||
}
|
||||
if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
|
||||
t.Fatalf("expected invalid key to be invalid, got %#v", got[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
agentsDir := filepath.Join(root, "agents")
|
||||
@@ -100,3 +148,34 @@ func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
|
||||
t.Fatalf("sensitive file content leaked: %#v", got[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestListAgentsRejectsSymlinkToNonAgentToml(t *testing.T) {
|
||||
root := t.TempDir()
|
||||
agentsDir := filepath.Join(root, "agents")
|
||||
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(`name = "project-secret"`), 0o600); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := os.Symlink("../config.toml", filepath.Join(agentsDir, "leak.toml")); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
store := Store{CodexHome: root}
|
||||
got, err := store.List()
|
||||
if err != nil {
|
||||
t.Fatalf("List should report unsafe files per item, not fatal error: %v", err)
|
||||
}
|
||||
if len(got) != 1 {
|
||||
t.Fatalf("agent count = %d, want 1", len(got))
|
||||
}
|
||||
if got[0].ParseStatus != "invalid" {
|
||||
t.Fatalf("expected non-agent symlink target to be invalid, got %#v", got[0])
|
||||
}
|
||||
if strings.Contains(got[0].Name, "project-secret") ||
|
||||
strings.Contains(got[0].Description, "project-secret") ||
|
||||
strings.Contains(got[0].ParseError, "project-secret") {
|
||||
t.Fatalf("non-agent TOML content leaked: %#v", got[0])
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user