Path traversal vulnerability via symlinks and cross-drive paths

[mluckydream]

Description

Problem

The Filesystem.contains() function uses lexical path checking only, which allows:

• Symlink escape attacks
• Cross-drive path bypass on Windows

See TODO comments in src/file/index.ts:280-281 and 340-341

Solution

Use realpathSync() to resolve symlinks and validate drive letters on Windows.

Plugins

No response

OpenCode version

No response

Steps to reproduce

No response

Screenshot and/or share link

No response

Operating System

No response

Terminal

No response

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• An agent is able to read all filesystem outside a project directory in Plan mode #7504: An agent is able to read all filesystem outside a project directory in Plan mode

This earlier issue documented the same Filesystem.contains() vulnerability with symlink bypass (item #3 in the table), along with several other related filesystem security issues. The current issue appears to be addressing the specific implementation details mentioned in that comprehensive security report.

Feel free to ignore if this doesn't address your specific case.