Skip to content

.Net: Harden file path validation in Core, Document, and Web plugins#14118

Merged
SergeyMenshykh merged 4 commits into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-fix-symlink-bypass-path-validation
Jun 25, 2026
Merged

.Net: Harden file path validation in Core, Document, and Web plugins#14118
SergeyMenshykh merged 4 commits into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-fix-symlink-bypass-path-validation

Conversation

@SergeyMenshykh

@SergeyMenshykh SergeyMenshykh commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Motivation and Context

This change hardens file system path handling in the file-based plugins. Previously, the path used for allowlist validation could differ from the path ultimately used for file I/O, so the two operations were not guaranteed to refer to the same file system location.

Description

  • Adds a shared PathUtilities.GetSafeFullPath helper that produces a canonical full path for a given input.
  • Updates FileIOPlugin, SessionsPythonPlugin, DocumentPlugin and WebFileDownloadPlugin to validate and perform I/O against the same canonical path, and to compare paths using OS-appropriate string comparison.
  • Adds regression tests covering the new behavior.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • The PR follows the SK Contribution Guidelines
  • All unit tests pass, and I have added new tests where possible

@SergeyMenshykh
.Net: Harden file path validation in Core, Document, and Web plugins
825e473 
Introduce a shared PathUtilities.GetSafeFullPath helper that canonicalizes file system paths and use it across the file-based plugins so that path allowlist checks and the subsequent file I/O operate on the same canonical path. Adds regression tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 24, 2026 14:58
@SergeyMenshykh SergeyMenshykh requested a review from a team as a code owner June 24, 2026 14:58
@moonbox3 moonbox3 added the .NET Issue or Pull requests regarding .NET code label Jun 24, 2026
Copilot AI reviewed Jun 24, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens filesystem path handling across several .NET file-based plugins by introducing a shared canonicalization helper (PathUtilities.GetSafeFullPath) that resolves paths consistently (including symlink-aware resolution on .NET 6+) so that allowlist validation and subsequent file I/O operate on the same resolved location.

Changes:

  • Added PathUtilities.GetSafeFullPath and updated plugins to use it for canonicalization and OS-appropriate path comparisons.
  • Hardened allowlist validation logic to reduce validate/use mismatches (including symlink bypass scenarios).
  • Added regression tests covering symlink bypass and Linux case-sensitive allowlist behavior; linked PathUtilities.cs into the unit test project.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
dotnet/src/InternalUtilities/src/System/PathUtilities.cs Introduces shared safe full-path canonicalization with symlink-aware resolution.
dotnet/src/Plugins/Plugins.Core/FileIOPlugin.cs Uses canonical path for both allowlist checks and I/O; switches to OS-appropriate comparison.
dotnet/src/Plugins/Plugins.Core/CodeInterpreter/SessionsPythonPlugin.cs Uses safe canonicalization for upload/download validation and directory comparisons.
dotnet/src/Plugins/Plugins.Document/DocumentPlugin.cs Switches canonicalization and comparisons to PathUtilities to avoid validate/use mismatches.
dotnet/src/Plugins/Plugins.Web/WebFileDownloadPlugin.cs Canonicalizes download paths via helper and compares paths using PathUtilities.PathComparison.
dotnet/src/Plugins/Plugins.UnitTests/Plugins.UnitTests.csproj Links PathUtilities.cs into unit tests to validate behavior directly.
dotnet/src/Plugins/Plugins.UnitTests/Core/PathUtilitiesTests.cs Adds direct tests for canonicalization and symlink handling behaviors.
dotnet/src/Plugins/Plugins.UnitTests/Core/FileIOPluginTests.cs Adds tests for symlink-bypass denial and Linux case-sensitive allowlist behavior.
dotnet/src/Plugins/Plugins.UnitTests/Core/SessionsPythonPluginTests.cs Adds tests for symlink-bypass denial and Linux casing behavior in upload/download validation.
dotnet/src/Plugins/Plugins.UnitTests/Web/WebFileDownloadPluginTests.cs Adds tests for UNC/extended path rejection and Linux case-sensitive allowlist behavior.
Comments suppressed due to low confidence (1)

dotnet/src/Plugins/Plugins.Core/FileIOPlugin.cs:119

  • UNC paths can be specified with forward slashes (e.g., "//server/share/file") on Windows. Currently only "\\" is rejected, so "//" can slip through to PathUtilities.GetSafeFullPath / File.Exists before being denied, potentially causing unintended network access or hangs. Reject "//" here as well, consistent with other plugins’ UNC checks.
        if (path.StartsWith("\\\\", StringComparison.OrdinalIgnoreCase))
        {
            throw new ArgumentException("Invalid file path, UNC paths are not supported.", nameof(path));
        }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread dotnet/src/InternalUtilities/src/System/PathUtilities.cs
Comment thread dotnet/src/Plugins/Plugins.Document/DocumentPlugin.cs Outdated
@SergeyMenshykh
Address PR review feedback
5e23fb2 
- Add missing System.Runtime.InteropServices using to PathUtilities so it compiles where implicit usings are disabled.
- Reject forward-slash UNC paths in DocumentPlugin, consistent with the Web plugin, and add a regression test.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SergeyMenshykh SergeyMenshykh self-assigned this Jun 24, 2026
@SergeyMenshykh SergeyMenshykh moved this to In Review in Agent Framework Jun 24, 2026
rogerbarreto
rogerbarreto reviewed Jun 24, 2026
View reviewed changes
Comment thread dotnet/src/InternalUtilities/src/System/PathUtilities.cs
rogerbarreto
rogerbarreto reviewed Jun 24, 2026
View reviewed changes
Comment thread dotnet/src/Plugins/Plugins.UnitTests/Core/FileIOPluginTests.cs Outdated
@SergeyMenshykh
Narrow symlink-setup exception handling in plugin tests
fd2b529 
Catch only the privilege exceptions (IOException/UnauthorizedAccessException) when creating symbolic links and remove the File.Exists/Directory.Exists guards, so genuine test-setup failures surface instead of being masked. The early return is retained only for environments (e.g. Windows build agents) that don't permit symbolic link creation.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SergeyMenshykh SergeyMenshykh added this pull request to the merge queue Jun 25, 2026
Merged via the queue into microsoft:main with commit e99c633 Jun 25, 2026
18 checks passed
@SergeyMenshykh SergeyMenshykh deleted the sergeymenshykh-fix-symlink-bypass-path-validation branch June 25, 2026 09:55
@github-project-automation github-project-automation Bot moved this from In Review to Done in Agent Framework Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@rogerbarreto rogerbarreto rogerbarreto approved these changes
@westey-m westey-m westey-m approved these changes

Assignees

@SergeyMenshykh SergeyMenshykh

Labels

.NET Issue or Pull requests regarding .NET code

Projects

Agent Framework
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@SergeyMenshykh @rogerbarreto @westey-m @moonbox3