valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
61b881d4e51a0e41e0bdce89feb6390f722a946c
llmx/codex-cli
History
Avi Rosenberg ab4cb94227 fix: Normalize paths in resolvePathAgainstWorkdir to prevent path traversal vulnerability (#895) 
This PR fixes a potential path traversal vulnerability by ensuring all
paths are properly normalized in the `resolvePathAgainstWorkdir`
function.

## Changes
- Added path normalization for both absolute and relative paths
- Ensures normalized paths are used in all subsequent operations
- Prevents potential path traversal attacks through non-normalized paths

This minimal change addresses the security concern without adding
unnecessary complexity, while maintaining compatibility with existing
code.
2025-05-12 13:44:00 -07:00
..
bin
chore: introduce new --native flag to Node module release process (#844)
2025-05-12 13:38:10 -07:00
examples
fix: typos in prompts and comments (#195)
2025-04-17 07:12:39 -07:00
scripts
chore: introduce new --native flag to Node module release process (#844)
2025-05-12 13:38:10 -07:00
src
fix: Normalize paths in resolvePathAgainstWorkdir to prevent path traversal vulnerability (#895)
2025-05-12 13:44:00 -07:00
tests
fix: increase output limits for truncating collector (#575)
2025-05-05 10:26:55 -07:00
.dockerignore
(fix) update Docker container scripts (#47)
2025-04-16 12:02:41 -07:00
.editorconfig
Initial commit
2025-04-16 12:56:08 -04:00
.eslintrc.cjs
chore: introduce new --native flag to Node module release process (#844)
2025-05-12 13:38:10 -07:00
.gitignore
chore: make build process a single script to run (#757)
2025-05-01 08:36:07 -07:00
build.mjs
chore(build): cleanup dist before build (#477)
2025-04-21 12:35:25 -04:00
Dockerfile
fix: only allow running without sandbox if explicitly marked in safe container (#699)
2025-04-28 07:48:38 -07:00
HUSKY.md
Feat/add husky (#223)
2025-04-17 07:18:43 -07:00
ignore-react-devtools-plugin.js
Initial commit
2025-04-16 12:56:08 -04:00
package.json
chore: introduce new --native flag to Node module release process (#844)
2025-05-12 13:38:10 -07:00
require-shim.js
Initial commit
2025-04-16 12:56:08 -04:00
tsconfig.json
fix: /bug report command, thinking indicator (#381)
2025-04-18 18:13:34 -07:00
vite.config.ts
fix: add empty vite config file to prevent resolving to parent (#273)
2025-04-17 17:03:15 -07:00