fix: Add path traversal protection for schema file loading

fix-it-felix-sentry[bot] · claude · cameroncooke · commit 35913940d4e1 · 2026-04-30T19:24:12.000+01:00
Add validation to prevent path traversal vulnerabilities when loading structured output schema files. The fix ensures that resolved file paths remain within the intended schemas directory by validating that the resolved path starts with the schemas directory path. This addresses a potential security issue where malicious input could potentially manipulate file paths through path traversal sequences. The fix adds checks in two locations: 1. In schemaPathFor() for schema files 2. In getMcpOutputSchema() for the common schema file Resolves: https://linear.app/getsentry/issue/VULN-1596 Resolves: https://linear.app/getsentry/issue/ENG-7560 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/src/core/structured-output-schema.ts b/src/core/structured-output-schema.ts
@@ -73,7 +73,17 @@ function readJsonObject(filePath: string, label: string): JsonObject {
 }
 
 function schemaPathFor(ref: StructuredOutputSchemaRef): string {
-  return path.join(getStructuredOutputSchemasDir(), ref.schema, `${ref.version}.schema.json`);
+  const schemasDir = getStructuredOutputSchemasDir();
+  const schemaPath = path.join(schemasDir, ref.schema, `${ref.version}.schema.json`);
+  const resolvedPath = path.resolve(schemaPath);
+  const resolvedSchemasDir = path.resolve(schemasDir);
+
+  // Prevent path traversal attacks by ensuring the resolved path is within the schemas directory
+  if (!resolvedPath.startsWith(resolvedSchemasDir + path.sep) && resolvedPath !== resolvedSchemasDir) {
+    throw new Error(`Invalid schema path: attempted path traversal detected for ${ref.schema}@${ref.version}`);
+  }
+
+  return schemaPath;
 }
 
 function collectAndRewriteCommonRefs(value: unknown, pendingDefs: Set<string>): unknown {
@@ -192,8 +202,19 @@ export function getMcpOutputSchema(ref: StructuredOutputSchemaRef): JsonObject {
   }
 
   const rootSchema = readJsonObject(schemaPathFor(ref), `${ref.schema}@${ref.version}`);
+
+  // Validate common schema path to prevent path traversal
+  const schemasDir = getStructuredOutputSchemasDir();
+  const commonSchemaPath = path.join(schemasDir, '_defs', 'common.schema.json');
+  const resolvedCommonPath = path.resolve(commonSchemaPath);
+  const resolvedSchemasDir = path.resolve(schemasDir);
+
+  if (!resolvedCommonPath.startsWith(resolvedSchemasDir + path.sep) && resolvedCommonPath !== resolvedSchemasDir) {
+    throw new Error('Invalid common schema path: attempted path traversal detected');
+  }
+
   const commonSchema = readJsonObject(
-    path.join(getStructuredOutputSchemasDir(), '_defs', 'common.schema.json'),
+    commonSchemaPath,
     'common structured output definitions',
   );
   const bundled = bundleSchema(rootSchema, commonSchema);
