Skip to content

fix(opencode): reject path traversal in remote skill discovery#36364

Open
1837620622 wants to merge 2 commits into
anomalyco:devfrom
1837620622:fix/skill-discovery-path-traversal
Open

fix(opencode): reject path traversal in remote skill discovery#36364
1837620622 wants to merge 2 commits into
anomalyco:devfrom
1837620622:fix/skill-discovery-path-traversal

Conversation

@1837620622

@1837620622 1837620622 commented Jul 11, 2026

Copy link
Copy Markdown

Issue for this PR

Closes #36365

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Remote skill indexes could supply skill.name / files with .., absolute paths, or cross-origin URLs. packages/opencode wrote downloads via path.join without containment checks.

Port the path safety checks already present in packages/core skill discovery (isSafeSegment, isSafeRelativePath, destination containment, same-origin URL checks). Add regression tests that assert hostile indexes do not fetch or write outside the skills cache.

Not a duplicate of #35996 (that PR covers local symlink walks under .claude/.agents; this covers remote index field validation).

How did you verify your code works?

  • bun test --preload ./test/preload.ts test/skill/discovery.test.ts (hostile index cases included)

Screenshots / recordings

N/A — non-UI

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

Validate skill.name and files from remote skill indexes before writing
into the local cache. Align with packages/core skill discovery so a
hostile index cannot escape the skills cache or fetch cross-origin
resources.
@github-actions github-actions Bot added needs:compliance This means the issue will auto-close after 2 hours. needs:issue labels Jul 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions

Copy link
Copy Markdown
Contributor

The following comment was made by an LLM, it may be inaccurate:

Potential duplicate found:

This PR appears related as it also addresses path traversal safety during skill discovery. You should verify if #35996 already covers the remote skill index scenario or if they address different aspects of skill discovery security.

@1837620622

Copy link
Copy Markdown
Author

Review-ready

High-confidence path-traversal fix for remote skill discovery (aligns with packages/core guards). Tests included. Happy to iterate.

Keep the remote skill discovery path-traversal guards; only switch the
section comment to English for upstream consistency.
@github-actions github-actions Bot removed the needs:compliance This means the issue will auto-close after 2 hours. label Jul 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@1837620622

Copy link
Copy Markdown
Author

Friendly review ping 🙏

Path-traversal hardening for remote skill discovery (hostile skill.name / files in index.json). Aligns with the guards already used in packages/core. Tests included; checks green.

Happy to iterate if anything looks off.

@1837620622

CreatorGhost added a commit to CreatorGhost/TheCode that referenced this pull request Jul 11, 2026
…e entries

Addresses CodeRabbit review findings on the anomalyco#36364 port.
CreatorGhost added a commit to CreatorGhost/TheCode that referenced this pull request Jul 11, 2026
* fix(opencode): reject path traversal in remote skill discovery

Ported from upstream anomalyco#36364.

* fix(opencode): harden skill names against drive letters and log unsafe entries

Addresses CodeRabbit review findings on the anomalyco#36364 port.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(security): remote skill discovery path traversal via hostile skill indexes

1 participant