Skip to content

security: block apply_patch path traversal outside workspace#16405

Merged
mbelinky merged 1 commit intomainfrom
ghsa-r5fq-947m-xm57-fix
Feb 14, 2026
Merged

security: block apply_patch path traversal outside workspace#16405
mbelinky merged 1 commit intomainfrom
ghsa-r5fq-947m-xm57-fix

Conversation

@mbelinky
Copy link
Copy Markdown
Contributor

@mbelinky mbelinky commented Feb 14, 2026
edited by greptile-apps bot
Loading

Summary

  • enforce workspace-root path bounds for apply_patch even when sandbox mode is not enabled
  • reuse sandbox path guard logic for non-sandbox path resolution
  • add regression coverage for traversal, absolute-outside, and symlink escape attempts

Security context

  • advisory: GHSA-r5fq-947m-xm57
  • this closes the server-side file path escape primitive by rejecting paths outside the workspace root

Tests

  • OPENCLAW_E2E_WORKERS=1 pnpm exec vitest run --config vitest.e2e.config.ts src/agents/apply-patch.e2e.test.ts

Greptile Overview

Greptile Summary

This PR closes a critical path traversal vulnerability in apply_patch that allowed writes outside the workspace directory. The fix extends sandbox path enforcement to non-sandbox mode by replacing custom path resolution with the shared assertSandboxPath utility, which validates both path boundaries and symlink escapes.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The security fix properly addresses the vulnerability by reusing battle-tested path validation logic from assertSandboxPath, comprehensive test coverage validates all attack vectors (relative traversal, absolute paths, symlink escapes), and the CHANGELOG documents the security context appropriately
  • No files require special attention

Last reviewed commit: 43274ac

@openclaw-barnacle openclaw-barnacle bot added agents Agent runtime and tooling size: S maintainer Maintainer-authored PR labels Feb 14, 2026
@mbelinky mbelinky force-pushed the ghsa-r5fq-947m-xm57-fix branch from 43274ac to 0fcd3f8 Compare February 14, 2026 19:10
@mbelinky mbelinky merged commit 5544646 into main Feb 14, 2026
10 checks passed
@mbelinky mbelinky deleted the ghsa-r5fq-947m-xm57-fix branch February 14, 2026 19:11
@mbelinky
Copy link
Copy Markdown
Contributor Author

mbelinky commented Feb 14, 2026

Merged via squash.

Follow-up: local /mergepr cleanup failed in maintainer clone because branch ghsa-r5fq-947m-xm57-fix is still checked out in another worktree; GitHub PR is merged successfully.

This was referenced Feb 14, 2026
Merged
Closed
akoscz pushed a commit to akoscz/openclaw that referenced this pull request Feb 15, 2026
@mbelinky @akoscz
security: block apply_patch path traversal outside workspace (opencla…
6c585f8 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky
GwonHyeok pushed a commit to learners-superpumped/openclaw that referenced this pull request Feb 15, 2026
@mbelinky @GwonHyeok
security: block apply_patch path traversal outside workspace (opencla…
1f2cc5d 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky
vincentkoc pushed a commit to vincentkoc/openclaw that referenced this pull request Feb 15, 2026
@mbelinky @vincentkoc
security: block apply_patch path traversal outside workspace (opencla…
3f491f9 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky
snowzlm pushed a commit to snowzlm/openclaw that referenced this pull request Feb 15, 2026
@mbelinky
security: block apply_patch path traversal outside workspace (opencla…
5ccca46 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky
jiulingyun added a commit to jiulingyun/openclaw-cn that referenced this pull request Feb 15, 2026
@jiulingyun
fix(security): block apply_patch path traversal outside workspace (up…
668ed6a 
…stream 5544646, openclaw#16405)
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 1, 2026
@mbelinky @github-actions
security: block apply_patch path traversal outside workspace (opencla…
682c9ba 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

(cherry picked from commit 5544646)

# Conflicts:
#	CHANGELOG.md
This was referenced Mar 1, 2026
Closed
Closed
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 3, 2026
@mbelinky @github-actions
security: block apply_patch path traversal outside workspace (opencla…
9dca9cc 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

(cherry picked from commit 5544646)

# Conflicts:
#	CHANGELOG.md
#	src/agents/apply-patch.ts
zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
@mbelinky
security: block apply_patch path traversal outside workspace (opencla…
d1e1730 
…w#16405)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 0fcd3f8
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agents Agent runtime and tooling maintainer Maintainer-authored PR size: S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mbelinky