Hua/nanobot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef64739736583f6cc8c59c589c0847094bb8cb96
nanobot/nanobot/agent
History
andienguyen-ecoligo 5c9cb3a208 fix(security): prevent path traversal bypass via startswith check 
`startswith` string comparison allows bypassing directory restrictions.
For example, `/home/user/workspace_evil` passes the check against
`/home/user/workspace` because the string starts with the allowed path.

Replace with `Path.relative_to()` which correctly validates that the
resolved path is actually inside the allowed directory tree.

Fixes #888
2026-02-21 12:34:14 -05:00
..
tools
fix(security): prevent path traversal bypass via startswith check
2026-02-21 12:34:14 -05:00
__init__.py
🐈nanobot: hello world!
2026-02-01 07:36:42 +00:00
context.py
Merge branch 'main' into pr-939
2026-02-21 17:06:05 +00:00
loop.py
style(loop): compact empty outbound message construction
2026-02-21 08:27:49 +00:00
memory.py
refactor: extract memory consolidation to MemoryStore, slim down AgentLoop
2026-02-21 08:14:46 +00:00
skills.py
feat: support openclaw/clawhub skill metadata format
2026-02-16 13:42:33 +00:00
subagent.py
fix: pass workspace to file tools in subagent
2026-02-20 08:03:24 +00:00