From 6e5e568da12a48e05dbfb0dcc8f10e67887936ff Mon Sep 17 00:00:00 2001
From: gavrielc
Date: Thu, 30 Apr 2026 10:33:46 +0300
Subject: [PATCH] sanitize agent sent file names to prevent path traversal
---
 src/session-manager.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/session-manager.ts b/src/session-manager.ts
index 996a750..edd4b08 100644
--- a/src/session-manager.ts
+++ b/src/session-manager.ts
@@ -372,6 +372,11 @@ export function readOutboxFiles(
 if (!fs.existsSync(outboxDir)) return undefined;
 const files: OutboundFile[] = [];
 for (const filename of filenames) {
+ // Reject any name that isn't a bare basename before touching the filesystem.
+ if (!isSafeAttachmentName(filename)) {
+ log.warn('Refused unsafe outbox filename — would escape outbox', { messageId, filename });
+ continue;
+ }
 const filePath = path.join(outboxDir, filename);
 if (fs.existsSync(filePath)) {
 files.push({ filename, data: fs.readFileSync(filePath) });
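Review bot: The added guard validates only the name string, so the `fs.readFileSync(filePath)` a few lines below still follows a symlink that sits inside the outbox under a perfectly bare name. If the agent that supplies `filenames` can also write into `outboxDir` (the commit subject suggests it is the untrusted party, but that is not visible here), the read needs its own check inside the `fs.existsSync(filePath)` branch, for example `if (!fs.lstatSync(filePath).isFile()) continue;`, which also skips directories that would otherwise make `readFileSync` throw. `isSafeAttachmentName` is defined outside this hunk, so it is worth confirming there that it rejects `.`, `..`, empty strings, NUL bytes and both `/` and `\` separators. `readOutboxFiles` begins and ends outside the hunk.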