
security: add workspace path validation and session regeneration on login #63

Open

DeryFerd wants to merge 2 commits into anvie:main from DeryFerd:security/validate-agent-workspace-paths

security: add workspace path validation and session regeneration on login#63
DeryFerd wants to merge 2 commits into
anvie:mainfrom
DeryFerd:security/validate-agent-workspace-paths

Conversation


@DeryFerd DeryFerd commented Jun 5, 2026

Contributor

The Problem

While reviewing the codebase, I found two security vulnerabilities that could compromise system integrity:

1. Workspace Path Injection (CWE-22)
Agents could be created with arbitrary filesystem paths as workspaces. An attacker who gained access to the agent creation endpoint could set a workspace to /etc, /root, or C:\Windows\System32, potentially allowing the agent to read or modify sensitive system files.

2. Session Fixation (CWE-384)
The login flow didn't regenerate the session ID after authentication. This meant an attacker who could set a victim's session cookie before login could hijack the authenticated session afterward—a classic session fixation attack.

The Fix

Workspace Path Validation

  • Created backend/workspace_validator.py with functions to detect dangerous paths and path traversal attempts
  • Modified models/mixins/agents.py to validate workspace paths in both create_agent() and update_agent()
  • Blocks absolute paths to system directories (/etc, /root, C:\Windows, etc.)
  • Rejects path traversal sequences (.. patterns)
  • Raises ValueError with descriptive error messages when validation fails
  • Safe relative paths and temp directories are still allowed

Session Regeneration

  • Modified routes/auth.py to call session.clear() before setting the authenticated flag
  • Only clears session on successful login (failed attempts don't regenerate)
  • Preserves the next URL from form data (not from pre-login session)

Testing

Created comprehensive test coverage:

unit_tests/test_agent_workspace_validation.py (5 tests, 16 subtests)

  • Verifies dangerous system paths are rejected (/etc, /root, C:\Windows, etc.)
  • Confirms path traversal attempts are blocked (../../../etc/passwd)
  • Validates safe relative paths are allowed (my_workspace, workspace/subdir)
  • Tests approved absolute paths (temp directories)
  • Ensures empty/null workspaces use safe defaults

unit_tests/test_session_fixation.py (2 tests)

  • Confirms pre-login session data is cleared on successful login
  • Verifies failed logins don't regenerate the session
  • Tests that attacker-planted session markers are wiped out

Validation

All tests pass:

$ python -m pytest unit_tests/test_agent_workspace_validation.py -v
5 passed, 16 subtests passed

$ python -m pytest unit_tests/test_session_fixation.py -v
2 passed

Compatibility

These changes are backward compatible:

  • Existing agents with valid workspace paths continue working
  • The validation only blocks dangerous new configurations
  • Session clearing on login is transparent to users

Security Impact

Before:

  • Agents could read/write anywhere on the filesystem
  • Session fixation attacks were possible

After:

  • Agent workspaces are restricted to safe directories
  • Session IDs regenerate on login, preventing fixation attacks
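As an added illustration of the validation rules the description lays out (this is example code, not the PR's backend/workspace_validator.py), the validator below rejects `..` components anywhere in either slash style, refuses absolute paths that equal or lie beneath a protected root (so /var/log is caught but a mere prefix match like /etcetera is not), allows relative paths, and accepts absolute paths only under an approved root. The denylist, the default workspace name, and the rule that only the temp directory counts as an approved absolute root are assumptions made for the example.

```python
import tempfile

# Constructed denylist of roots an agent workspace must never point into
# (an assumption for this example, not the project's own list).
DANGEROUS_ROOTS = ("/etc", "/root", "/var", "/usr", "/bin", "/sbin", "/boot",
                   "/proc", "/sys", "C:\\Windows", "C:\\Program Files")
DEFAULT_WORKSPACE = "workspace"  # assumed default for empty/None input

def _normalize(path: str) -> str:
    # Fold both separator styles to '/' and lower-case so C:\WINDOWS still
    # matches; on POSIX this only costs a conservative false positive.
    folded = path.replace("\\", "/").lower()
    return folded.rstrip("/") or folded

def _is_under(path: str, root: str) -> bool:
    # Equal to root or inside it: /etc/ssh matches /etc, /etcetera does not.
    p, r = _normalize(path), _normalize(root)
    return p == r or p.startswith(r + "/")

def validate_workspace(path, approved_roots=(tempfile.gettempdir(),)) -> str:
    """Return the workspace path if safe, else raise ValueError.

    Traversal is rejected first so '/tmp/../etc' never reaches the allowlist;
    relative paths pass; absolute paths pass only under an approved root
    (assumed: the temp dir) and are refused otherwise.
    """
    if path is None or not str(path).strip():
        return DEFAULT_WORKSPACE
    path = str(path)
    norm = _normalize(path)
    if ".." in norm.split("/"):
        raise ValueError(f"workspace path contains traversal sequence: {path!r}")
    is_abs = norm.startswith("/") or (len(norm) > 1 and norm[1] == ":")
    if not is_abs:
        return path
    if any(_is_under(norm, root) for root in approved_roots):
        return path
    if any(_is_under(norm, root) for root in DANGEROUS_ROOTS):
        raise ValueError(f"workspace path targets a protected system directory: {path!r}")
    raise ValueError(f"absolute workspace path is outside approved locations: {path!r}")

def is_safe_workspace(path, **kwargs) -> bool:
    # Boolean form of validate_workspace, convenient for tests and UI pre-checks.
    try:
        validate_workspace(path, **kwargs)
        return True
    except ValueError:
        return False
```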

…ogin

- Add workspace path validator to prevent directory traversal attacks
  - Blocks dangerous system paths (/etc, /root, C:\Windows, etc.)
  - Rejects path traversal sequences (..)
  - Validates paths on agent creation and update

- Regenerate session on successful login to prevent session fixation
  - Call session.clear() before setting authenticated flag
  - Prevents attackers from hijacking pre-set sessions

- Add comprehensive test coverage for both fixes
  - test_agent_workspace_validation.py: 5 tests, 16 subtests
  - test_session_fixation.py: 2 tests

Fixes two medium-high security vulnerabilities identified during audit.
@DeryFerd DeryFerd changed the title security: add workspace path validation and session regeneration on l… security: add workspace path validation and session regeneration on login Jun 5, 2026
The validator now correctly rejects subdirectories under dangerous paths
(e.g., /var/log) by checking for both forward and backward slashes
in cross-platform path validation.
