| 제목 | nextlevelbuilder GoClaw 3.13.3-beta.3 Path Traversal / Sandbox Escape (CWE-22) |
|---|
| 설명 | # Technical Details
A Path Traversal / Sandbox Escape exists in the `resolvePath` method in `internal/providers/acp/tool_bridge.go` of GoClaw.
The application fails to safely resolve dangling symlinks before writing ACP files. An ACP-backed agent can create a dangling symlink inside the configured workspace and then call `fs/writeTextFile` on that in-workspace path. When `filepath.EvalSymlinks(cleaned)` fails, the validator falls back to the lexical path, which still appears inside the workspace, and `os.WriteFile` later follows the symlink target outside the sandbox.
# Vulnerable Code
File: internal/providers/acp/tool_bridge.go
Method: resolvePath
Why: The code uses `real, err := filepath.EvalSymlinks(cleaned)` and falls back to `real = cleaned` on error. `writeFile()` then calls `os.WriteFile(resolved, ...)`, allowing a dangling symlink alias inside the workspace to redirect writes to an external file.
# Reproduction
1. Run a vulnerable GoClaw ACP ToolBridge deployment on version `3.13.3-beta.3` and create a dangling symlink inside the ACP workspace that points to a file outside the workspace.
2. From an ACP-backed agent session, invoke `fs/writeTextFile` against the symlink path.
3. Observe that GoClaw writes to the external target file even though direct traversal outside the workspace is blocked.
# Impact
- ACP-backed agents can modify files outside the configured workspace boundary.
- This breaks workspace isolation and can tamper with neighboring workspace data, scripts, temporary files, and other writable host resources. |
|---|
| 원천 | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1201 |
|---|
| 사용자 | Eric-b (UID 96354) |
|---|
| 제출 | 2026. 06. 11. AM 09:10 (1 월 ago) |
|---|
| 모더레이션 | 2026. 07. 13. PM 07:24 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 378128 [nextlevelbuilder GoClaw 3.13.3-beta.3 ACP ToolBridge Workspace tool_bridge.go writeFile 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|