
🔒 Missing workspace boundary validation allows arbitrary file read #3265

Description

@asmit25805

🔒 Security · 🟡 Medium · Confidence: 96%

File: rust/crates/runtime/src/file_ops.rs
Location: read_file


What's wrong

The function reads a file path supplied by the caller without checking that it stays inside the intended workspace. The line `let absolute_path = normalize_path(path)?;` resolves the user-provided path to an absolute path, but no subsequent call to `validate_workspace_boundary` is made, so a malicious caller can traverse out of the workspace (e.g., using `../` or symlinks) and read any file the process can access.

Suggested fix

Validate the resolved path against the workspace root before reading the file. For example:

```rust
pub fn read_file(
    path: &str,
    offset: Option<usize>,
    limit: Option<usize>,
    workspace_root: &Path,
) -> io::Result<ReadFileOutput> {
    let absolute_path = normalize_path(path)?;
    // Ensure the path stays within the workspace
    validate_workspace_boundary(&absolute_path, workspace_root)?;
    // ... rest of the function unchanged ...
}
```
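As an added, self-contained illustration of what such a boundary check has to do (this is not the project's `validate_workspace_boundary` or `normalize_path`; `resolve_in_workspace` and `read_file_in_workspace` are hypothetical names), the helper below canonicalizes both the workspace root and the requested path so that `..` segments and symlinks are resolved against the real filesystem before the prefix comparison:

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Resolve `requested` relative to `workspace_root`, follow symlinks, and
/// reject anything that ends up outside the workspace.
/// Hypothetical helper written for this example, not the project's own code.
pub fn resolve_in_workspace(workspace_root: &Path, requested: &str) -> io::Result<PathBuf> {
    // Canonicalize the root too, so the comparison is symlink-safe on both sides
    // (e.g. /tmp -> /private/tmp on macOS).
    let root = workspace_root.canonicalize()?;
    let joined = if Path::new(requested).is_absolute() {
        PathBuf::from(requested)
    } else {
        root.join(requested)
    };
    // canonicalize() resolves `.`, `..` and symlinks against the real filesystem,
    // so a symlink pointing out of the workspace is caught as well as `../`.
    // It also fails if the path does not exist, which is the desired outcome here.
    let resolved = joined.canonicalize()?;
    // Path::starts_with compares whole components, so `/ws` does not match `/ws2`.
    if resolved.starts_with(&root) {
        Ok(resolved)
    } else {
        Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} escapes workspace {}", resolved.display(), root.display()),
        ))
    }
}

/// Read a file only after its resolved path has passed the boundary check.
pub fn read_file_in_workspace(workspace_root: &Path, requested: &str) -> io::Result<String> {
    let path = resolve_in_workspace(workspace_root, requested)?;
    fs::read_to_string(path)
}
```

Note that canonicalizing and then opening are two separate filesystem operations, so a caller who can swap a symlink between them still has a race window; on platforms that support it, opening with a no-follow flag or reading through an already-opened directory handle closes that gap.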

About this report

This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes. Only findings with ≥92% confidence that passed both LLM self-verification and line reference verification are reported. False positives are still possible — please verify before acting.
