From a9c91675ebfdce13f885bb5688ab52d56c0c34a6 Mon Sep 17 00:00:00 2001
From: SparkLabScout
Date: Tue, 10 Mar 2026 13:09:03 +0800
Subject: [PATCH] fix: path traversal in listDirectory

Fixes security vulnerability #463 The original check using startsWith(projectPath) could be bypassed with sibling directories that share a prefix with the project path. Example: projectPath=/home/user/project, directoryPath=../project-evil resolves to /home/user/project-evil which passes startsWith('/home/user/project') because 'project-evil' starts with 'project'. This fix adds path.sep to ensure we're checking for proper directory boundary, and also checks for exact match to allow listing the project root itself. This matches the pattern already used in code-search.ts.
---
 sdk/src/tools/list-directory.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sdk/src/tools/list-directory.ts b/sdk/src/tools/list-directory.ts
index 37c61fed16..e7a1bd6fca 100644
--- a/sdk/src/tools/list-directory.ts
+++ b/sdk/src/tools/list-directory.ts
@@ -13,7 +13,10 @@ export async function listDirectory(params: {
 try {
 const resolvedPath = path.resolve(projectPath, directoryPath)
- if (!resolvedPath.startsWith(projectPath)) {
+ if (
+ !resolvedPath.startsWith(projectPath + path.sep) &&
+ resolvedPath !== projectPath
+ ) {
 return [
 {
 type: 'json',