From ab4cb9422753c2505bcd073d9de00f5d0972f873 Mon Sep 17 00:00:00 2001
From: Avi Rosenberg <avrumi96@gmail.com>
Date: Mon, 12 May 2025 23:44:00 +0300
Subject: [PATCH] fix: Normalize paths in resolvePathAgainstWorkdir to prevent
 path traversal vulnerability (#895)

This PR fixes a potential path traversal vulnerability by ensuring all
paths are properly normalized in the `resolvePathAgainstWorkdir`
function.

## Changes
- Added path normalization for both absolute and relative paths
- Ensures normalized paths are used in all subsequent operations
- Prevents potential path traversal attacks through non-normalized paths

This minimal change addresses the security concern without adding
unnecessary complexity, while maintaining compatibility with existing
code.
---
 codex-cli/src/approvals.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/codex-cli/src/approvals.ts b/codex-cli/src/approvals.ts
index 5ea73eab..032acec0 100644
--- a/codex-cli/src/approvals.ts
+++ b/codex-cli/src/approvals.ts
@@ -281,12 +281,14 @@ export function resolvePathAgainstWorkdir(
   candidatePath: string,
   workdir: string | undefined,
 ): string {
-  if (path.isAbsolute(candidatePath)) {
-    return candidatePath;
+  // Normalize candidatePath to prevent path traversal attacks
+  const normalizedCandidatePath = path.normalize(candidatePath);
+  if (path.isAbsolute(normalizedCandidatePath)) {
+    return normalizedCandidatePath;
   } else if (workdir != null) {
-    return path.resolve(workdir, candidatePath);
+    return path.resolve(workdir, normalizedCandidatePath);
   } else {
-    return path.resolve(candidatePath);
+    return path.resolve(normalizedCandidatePath);
   }
 }