From 4efa5020f26dc3b1806cad4f3904a66abc9f9e6b Mon Sep 17 00:00:00 2001 From: "BISHT.cx" Date: Sat, 11 Apr 2026 13:24:20 +0530 Subject: [PATCH 1/3] Enhance security in blob path normalization Refactor blob path handling to prevent path traversal vulnerabilities. --- src/google/adk/skills/_utils.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/google/adk/skills/_utils.py b/src/google/adk/skills/_utils.py index cab70a8d4b..0d51eaf0d2 100644 --- a/src/google/adk/skills/_utils.py +++ b/src/google/adk/skills/_utils.py @@ -15,7 +15,7 @@ """Utility functions for Agent Skills.""" from __future__ import annotations - +import os import logging import pathlib from typing import Union @@ -406,11 +406,18 @@ def _load_files_in_dir(subdir: str) -> Dict[str, Union[str, bytes]]: blobs = bucket.list_blobs(prefix=prefix) result = {} - for blob in blobs: - relative_path = blob.name[len(prefix) :] - if not relative_path: + for blob in blobs: + relative_path = blob.name[len(prefix):] + if not relative_path: continue + # Prevent path traversal via malicious GCS blob names + normalized = os.path.normpath(relative_path) + if normalized.startswith('..') or os.path.isabs(normalized): + raise ValueError( + f"Unsafe path in skill resource: {relative_path!r}" + ) + try: result[relative_path] = blob.download_as_text() except UnicodeDecodeError: From 80d9210cf74a13f5619ac4ba7a36e7c2a195d6d6 Mon Sep 17 00:00:00 2001 From: "BISHT.cx" Date: Sat, 11 Apr 2026 13:25:11 +0530 Subject: [PATCH 2/3] Fix indentation in _load_files_in_dir function --- src/google/adk/skills/_utils.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/google/adk/skills/_utils.py b/src/google/adk/skills/_utils.py index 0d51eaf0d2..ffb7058ed4 100644 --- a/src/google/adk/skills/_utils.py +++ b/src/google/adk/skills/_utils.py 
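Review bot: The guard `normalized.startswith('..')` in the second hunk also rejects ordinary names that merely begin with two dots (e.g. `..notes.md`), and because `os.path.normpath`/`os.path.isabs` follow the host OS, a blob name containing backslashes or a drive prefix is judged differently on Windows than on Linux even though GCS object names always use `/`. Checking the segments with `pathlib.PurePosixPath` (already imported by this file) is host-independent, makes the new `import os` unnecessary, and also rejects an embedded `..` segment such as `a/../b`, which `normpath` folds to `b` while the unnormalized key `a/../b` is what gets stored in `result`. The `-`/`+` pair for `relative_path = blob.name[len(prefix) :]` appears to differ only in the slice spacing a black/pyink formatter emits, which suggests the added lines were not run through the project's formatter before committing. `_load_files_in_dir` is a nested function and its body continues past the end of the hunk.
```python
    for blob in blobs:
      # … unchanged: relative_path / empty-name continue …
      # GCS object names always use "/": judge them as POSIX paths regardless of host OS.
      parts = pathlib.PurePosixPath(relative_path).parts
      if relative_path.startswith("/") or "\\" in relative_path or ".." in parts:
        raise ValueError(f"Unsafe path in skill resource: {relative_path!r}")
```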
@@ -401,19 +401,19 @@ def _load_skill_from_gcs_dir( f" name '{skill_name_expected}'." ) - def _load_files_in_dir(subdir: str) -> Dict[str, Union[str, bytes]]: +def _load_files_in_dir(subdir: str) -> Dict[str, Union[str, bytes]]: prefix = f"{skill_dir_prefix}{subdir}/" blobs = bucket.list_blobs(prefix=prefix) result = {} - for blob in blobs: - relative_path = blob.name[len(prefix):] - if not relative_path: + for blob in blobs: + relative_path = blob.name[len(prefix):] + if not relative_path: continue - # Prevent path traversal via malicious GCS blob names - normalized = os.path.normpath(relative_path) - if normalized.startswith('..') or os.path.isabs(normalized): + # Prevent path traversal via malicious GCS blob names + normalized = os.path.normpath(relative_path) + if normalized.startswith('..') or os.path.isabs(normalized): raise ValueError( f"Unsafe path in skill resource: {relative_path!r}" ) From 83b21a9fc02ba548b91e4fb4ef71923f3e209a91 Mon Sep 17 00:00:00 2001 From: "BISHT.cx" Date: Sat, 11 Apr 2026 13:26:15 +0530 Subject: [PATCH 3/3] Fix indentation in _load_files_in_dir function --- src/google/adk/skills/_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/google/adk/skills/_utils.py b/src/google/adk/skills/_utils.py index ffb7058ed4..ac8cfa11db 100644 --- a/src/google/adk/skills/_utils.py +++ b/src/google/adk/skills/_utils.py @@ -401,7 +401,7 @@ def _load_skill_from_gcs_dir( f" name '{skill_name_expected}'." ) -def _load_files_in_dir(subdir: str) -> Dict[str, Union[str, bytes]]: + def _load_files_in_dir(subdir: str) -> Dict[str, Union[str, bytes]]: prefix = f"{skill_dir_prefix}{subdir}/" blobs = bucket.list_blobs(prefix=prefix) result = {}