From bb087d831a10ff71c491a3183068ff02dcf48000 Mon Sep 17 00:00:00 2001 From: Sebastion Date: Tue, 2 Jun 2026 15:30:08 +0100 Subject: [PATCH] fix: resolve symlinks before path containment check in sandboxed fs.readFile Use fs.realpath() to resolve symlinks before checking whether the path falls within allowed roots, and pass the resolved path to readFile(). This prevents symlink-based path traversal (CWE-22) where a symlink inside an allowed root points to a file outside it. --- src/cognition/emergent/SandboxedToolForge.ts | Bin 20317 -> 20347 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/src/cognition/emergent/SandboxedToolForge.ts b/src/cognition/emergent/SandboxedToolForge.ts index 297bd64af8392c5ef0eb82027ff248cc1ab6ff41..ab71a3a5989f5aa7cca0d47362c196b2bd84449c 100644 GIT binary patch delta 82 zcmcaRkMZ|B#tr}3xpWkYQWJ9u5=$~R|7V}=teRM!m{|fB(*Q~66{QyE=ai*tq-Ex$ X1^@*#H?Q}uV&s4dr)<{sHDCe&cf%kn delta 51 zcmex8kMZt2#tr}3H*<2#b`~v2EXmL-N-fUMDNEHz%gjj)019kA>0QOh0^)7<_BCJv E053HZ7XSbN
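Review bot: The only hunk is a GIT binary patch delta for src/cognition/emergent/SandboxedToolForge.ts (20317 -> 20347 bytes), so the change the message describes (fs.realpath() before the containment check, resolved path passed to readFile()) cannot be reviewed from this diff. A .ts source file should diff as text, so check the file for a stray NUL byte or a .gitattributes rule marking it binary and resend with a textual diff. Two points to look for once it is readable: whether the allowed roots are passed through fs.realpath() as well as the requested path (a root that is itself a symlink otherwise never matches the resolved file), and how the ENOENT that fs.realpath() raises for a missing file or a dangling link is reported to the caller. The message could also state that resolving first and reading second still leaves a window in which the link target can be swapped, so the check is a path-containment control rather than a race-free one.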
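The commit message describes the fix in prose only, and the binary diff hides the code, so the following is an added TypeScript example of the technique it names: resolve symlinks with realpath, then check that the resolved path lies inside an allowed root, then read the resolved path. It is not the project's SandboxedToolForge code; the function names (isInsideRoot, resolveInsideRoots, readFileSandboxed, buildFixture, demo) and the temp-directory fixture are constructed for this illustration, and it uses the synchronous fs variants where the patch uses the async fs.realpath()/fs.readFile().

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// True when `candidate` is `root` itself or lies inside it. path.relative() is used
// instead of startsWith() so that a sibling such as "/allowed-evil" does not match "/allowed".
function isInsideRoot(candidate: string, root: string): boolean {
  const rel = path.relative(root, candidate);
  if (rel === "") return true;
  if (path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// The fix described in the commit message: follow symlinks before the containment
// check and return the resolved path, which is what the caller must then read.
function resolveInsideRoots(requested: string, allowedRoots: string[]): string {
  // Resolve the roots too, so a root that is itself a symlink compares correctly.
  const roots = allowedRoots.map((r) => fs.realpathSync(r));
  // realpathSync throws ENOENT for a missing file or a dangling link; let that propagate
  // rather than falling back to a lexical path, which is exactly the bug being fixed.
  const real = fs.realpathSync(requested);
  if (!roots.some((root) => isInsideRoot(real, root))) {
    throw new Error(`path escapes sandbox roots: ${requested}`);
  }
  return real;
}

function readFileSandboxed(requested: string, allowedRoots: string[]): string {
  return fs.readFileSync(resolveInsideRoots(requested, allowedRoots), "utf8");
}

// Constructed fixture (not from the page): an allowed root holding a normal file and a
// symlink whose target is a "secret" file one level above the root.
function buildFixture(): { base: string; root: string; safe: string; link: string } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "sandbox-demo-"));
  const root = path.join(base, "allowed");
  fs.mkdirSync(root);
  const safe = path.join(root, "hello.txt");
  fs.writeFileSync(safe, "hello");
  const secret = path.join(base, "secret.txt");
  fs.writeFileSync(secret, "TOP SECRET");
  const link = path.join(root, "escape.txt");
  fs.symlinkSync(secret, link);
  return { base, root, safe, link };
}

// Runs the lexical-only check (the pre-fix behaviour) and the realpath check side by side.
function demo(): { lexicalCheckPasses: boolean; realpathCheckPasses: boolean; missingRejected: boolean; safeRead: string } {
  const f = buildFixture();
  try {
    // Lexical normalisation keeps the link inside the root, so the old check is fooled.
    const lexicalCheckPasses = isInsideRoot(path.resolve(f.link), f.root);
    let realpathCheckPasses = true;
    try {
      readFileSandboxed(f.link, [f.root]);
    } catch (e) {
      realpathCheckPasses = false;
    }
    let missingRejected = false;
    try {
      readFileSandboxed(path.join(f.root, "does-not-exist.txt"), [f.root]);
    } catch (e) {
      missingRejected = true;
    }
    const safeRead = readFileSandboxed(f.safe, [f.root]);
    return { lexicalCheckPasses, realpathCheckPasses, missingRejected, safeRead };
  } finally {
    fs.rmSync(f.base, { recursive: true, force: true });
  }
}
```

demo() returns lexicalCheckPasses === true (the symlink looks in-bounds to a lexical check), realpathCheckPasses === false (the resolved target is rejected), missingRejected === true (ENOENT surfaces instead of a silent fallback), and safeRead === "hello" for the legitimate file.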