From c3105f9a2b7f859847db38a61397394f5a040ac5 Mon Sep 17 00:00:00 2001 From: Andrei-Mihai Minca <48168206+andreiminca@users.noreply.github.com> Date: Mon, 13 Jul 2026 13:42:25 +0300 Subject: [PATCH] Update path-validation.ts A path validation bypass vulnerability has been identified on Windows environments within the secure-filesystem-server. The isPathWithinAllowedDirectories function fails to restrict NTFS Alternate Data Streams (ADS). As a result, an attacker can supply paths containing a colon separator (e.g., file.txt:payload.exe), which bypasses directory boundary checks and allows reading or writing hidden data directly to NTFS alternate streams within allowed folders --- src/filesystem/path-validation.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/filesystem/path-validation.ts b/src/filesystem/path-validation.ts index 972e9c49d0..581c17ef9d 100644 --- a/src/filesystem/path-validation.ts +++ b/src/filesystem/path-validation.ts @@ -32,6 +32,18 @@ export function isPathWithinAllowedDirectories(absolutePath: string, allowedDire return false; } + // Reject Windows Alternate Data Streams (ADS) to prevent path validation bypasses + if (process.platform === 'win32' || path.sep === '\\') { + const firstColonIndex = normalizedPath.indexOf(':'); + if (firstColonIndex !== -1) { + const hasMoreThanOneColon = normalizedPath.indexOf(':', firstColonIndex + 1) !== -1; + const isValidDriveColon = firstColonIndex === 1 && /^[A-Za-z]$/.test(normalizedPath[0]); + if (hasMoreThanOneColon || !isValidDriveColon) { + return false; + } + } + } + // Verify it's absolute after normalization if (!path.isAbsolute(normalizedPath)) { throw new Error('Path must be absolute after normalization');