From 6e306c8954b592f1c2f3843ad35eb239eeadc845 Mon Sep 17 00:00:00 2001
From: adilburaksen
Date: Sun, 24 May 2026 00:38:18 +0300
Subject: [PATCH] fix(agents): prevent path traversal in AgentTool config_path resolution

Absolute config_path values were accepted unconditionally, and relative paths were joined without boundary validation, allowing traversal outside the agent directory via "../../../etc/passwd" style inputs.

Fix: reject absolute paths; normalize and verify the resolved path stays within the parent agent's directory before loading.
---
 .../com/google/adk/agents/ConfigAgentUtils.java | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java b/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
index 893353f27..d4c8a142f 100644
--- a/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
+++ b/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
@@ -247,12 +247,18 @@ private static BaseAgent resolveSubAgentFromConfigPath(
 BaseAgentConfig.AgentRefConfig subAgentConfig, Path configDir)
 throws ConfigurationException {
 String configPath = subAgentConfig.configPath().trim();
- Path subAgentConfigPath;
 if (Path.of(configPath).isAbsolute()) {
- subAgentConfigPath = Path.of(configPath);
- } else {
- subAgentConfigPath = configDir.resolve(configPath);
+ throw new ConfigurationException( "Absolute paths are not allowed in AgentTool config_path: " + configPath);
+ }
+
+ Path subAgentConfigPath = configDir.resolve(configPath).normalize().toAbsolutePath();
+ Path canonicalConfigDir = configDir.normalize().toAbsolutePath();
+
+ if (!subAgentConfigPath.startsWith(canonicalConfigDir)) {
+ throw new ConfigurationException( "Path traversal detected: config_path resolves outside agent directory: " + configPath);
 }
 if (!Files.exists(subAgentConfigPath)) {
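Review bot: The containment check calls `normalize()` before `toAbsolutePath()`, so it is only reliable when `configDir` is already absolute; for a relative `configDir` that normalizes to the empty path (for example `.`), leading `..` segments survive normalization, `toAbsolutePath()` merely prefixes the working directory, and `startsWith` then matches on that prefix. Making the base absolute first closes this: `Path canonicalConfigDir = configDir.toAbsolutePath().normalize();` followed by `Path subAgentConfigPath = canonicalConfigDir.resolve(configPath).normalize();`. The check is also purely lexical, so a symlink inside the agent directory is not covered; comparing `toRealPath()` results after the `Files.exists` check would cover that if symlinked configs are in the threat model. How callers compute `configDir` is not visible here, and the body of resolveSubAgentFromConfigPath continues past the end of the hunk.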