fix: validate agent toml boundaries

2026-05-25 17:58:22 +08:00
parent fee920a895
commit 425e11c444
4 changed files with 124 additions and 0 deletions
--- a/internal/agents/store_test.go
+++ b/internal/agents/store_test.go
@@ -72,6 +72,54 @@ func TestListAgentsReportsParseError(t *testing.T) {
 	}
 }

+func TestListAgentsReportsDuplicateKeyAsParseError(t *testing.T) {
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	content := "name = \"a\"\nname = \"b\"\n"
+	if err := os.WriteFile(filepath.Join(agentsDir, "duplicate.toml"), []byte(content), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	store := Store{CodexHome: root}
+	got, err := store.List()
+	if err != nil {
+		t.Fatalf("List should return parse status, not fatal error: %v", err)
+	}
+	if len(got) != 1 {
+		t.Fatalf("agent count = %d, want 1", len(got))
+	}
+	if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
+		t.Fatalf("expected duplicate key to be invalid, got %#v", got[0])
+	}
+}
+
+func TestListAgentsReportsInvalidKeyAsParseError(t *testing.T) {
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	content := "bad key = \"value\"\n"
+	if err := os.WriteFile(filepath.Join(agentsDir, "bad-key.toml"), []byte(content), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	store := Store{CodexHome: root}
+	got, err := store.List()
+	if err != nil {
+		t.Fatalf("List should return parse status, not fatal error: %v", err)
+	}
+	if len(got) != 1 {
+		t.Fatalf("agent count = %d, want 1", len(got))
+	}
+	if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
+		t.Fatalf("expected invalid key to be invalid, got %#v", got[0])
+	}
+}
+
 func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
 	root := t.TempDir()
 	agentsDir := filepath.Join(root, "agents")
@@ -100,3 +148,34 @@ func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
 		t.Fatalf("sensitive file content leaked: %#v", got[0])
 	}
 }
+
+func TestListAgentsRejectsSymlinkToNonAgentToml(t *testing.T) {
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(`name = "project-secret"`), 0o600); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Symlink("../config.toml", filepath.Join(agentsDir, "leak.toml")); err != nil {
+		t.Fatal(err)
+	}
+
+	store := Store{CodexHome: root}
+	got, err := store.List()
+	if err != nil {
+		t.Fatalf("List should report unsafe files per item, not fatal error: %v", err)
+	}
+	if len(got) != 1 {
+		t.Fatalf("agent count = %d, want 1", len(got))
+	}
+	if got[0].ParseStatus != "invalid" {
+		t.Fatalf("expected non-agent symlink target to be invalid, got %#v", got[0])
+	}
+	if strings.Contains(got[0].Name, "project-secret") ||
+		strings.Contains(got[0].Description, "project-secret") ||
+		strings.Contains(got[0].ParseError, "project-secret") {
+		t.Fatalf("non-agent TOML content leaked: %#v", got[0])
+	}
+}