Skip to content

Validate FileArtifactService scope identifiers before building storage paths#5274

Open
petrmarinec wants to merge 1 commit intogoogle:mainfrom
petrmarinec:fix-fileartifact-scope-traversal
Open

Validate FileArtifactService scope identifiers before building storage paths#5274
petrmarinec wants to merge 1 commit intogoogle:mainfrom
petrmarinec:fix-fileartifact-scope-traversal

Conversation

@petrmarinec
Copy link
Copy Markdown

@petrmarinec petrmarinec commented Apr 10, 2026

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

2. Or, if no issue exists, describe the change:

Problem:
FileArtifactService validates artifact filenames against traversal, but it still used raw user_id and session_id values when building the storage scope directories. Path separators or traversal segments in those identifiers could move storage outside the intended scope before the filename guard ran.

Solution:
Validate user_id and session_id as single path components before path construction and reject absolute paths, embedded separators, and traversal segments. Added regression tests covering invalid scope identifiers for both user and session storage paths.

Testing Plan

Unit Tests:

  • I have added or updated unit tests for my change.
  • All unit tests pass locally.

Passed locally:

  • PYTHONPATH=src pytest tests/unittests/artifacts/test_artifact_service.py -k "invalid_user_scope_identifiers or invalid_session_scope_identifiers or out_of_scope_paths"
    • Result: 22 passed

Passed in clean Linux Docker (python:3.11-bookworm):

  • pip install -e '.[test]'
  • PYTHONPATH=src pytest tests/unittests/artifacts
    • Result: 72 passed

Manual Validation:

  • On current origin/main, user_id='../../escape-target-current' caused FileArtifactService.save_artifact(...) to write outside the configured artifact root.
  • On this branch, the same call raises InputValidationError and does not create the escaped directory.
  • On this branch, a traversal payload in session_id also raises InputValidationError and does not create the escaped directory.

Checklist

  • I have read the CONTRIBUTING.md document.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.
  • I have manually tested my changes end-to-end.
  • Any dependent changes have been merged and published in downstream modules.

Additional context

This change keeps the existing filename traversal protections intact and closes the missing validation on the scope identifiers used to build the artifact storage paths.

@adk-bot adk-bot added the services [Component] This issue is related to runtime services, e.g. sessions, memory, artifacts, etc label Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

services [Component] This issue is related to runtime services, e.g. sessions, memory, artifacts, etc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@petrmarinec @adk-bot