From 5bedb5d4f7b8a15d38849240e5d5259cfd4ec83c Mon Sep 17 00:00:00 2001 From: coderzc Date: Sun, 1 Mar 2026 13:49:11 +0800 Subject: [PATCH] fix(tools): prevent searching root directory in grep and glob tools --- packages/opencode/src/tool/glob.ts | 7 +++++++ packages/opencode/src/tool/grep.ts | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/packages/opencode/src/tool/glob.ts b/packages/opencode/src/tool/glob.ts index a2611246c66f..1dbb5cfee791 100644 --- a/packages/opencode/src/tool/glob.ts +++ b/packages/opencode/src/tool/glob.ts @@ -31,6 +31,13 @@ export const GlobTool = Tool.define("glob", { let search = params.path ?? Instance.directory search = path.isAbsolute(search) ? search : path.resolve(Instance.directory, search) + + // Prevent searching root directory + const parsed = path.parse(search) + if (search === parsed.root) { + throw new Error(`Searching root directory is not allowed: ${search}`) + } + await assertExternalDirectory(ctx, search, { kind: "directory" }) const limit = 100 diff --git a/packages/opencode/src/tool/grep.ts b/packages/opencode/src/tool/grep.ts index 82e7ac1667e1..e818dbfe15c8 100644 --- a/packages/opencode/src/tool/grep.ts +++ b/packages/opencode/src/tool/grep.ts @@ -37,6 +37,13 @@ export const GrepTool = Tool.define("grep", { let searchPath = params.path ?? Instance.directory searchPath = path.isAbsolute(searchPath) ? searchPath : path.resolve(Instance.directory, searchPath) + + // Prevent searching root directory + const parsed = path.parse(searchPath) + if (searchPath === parsed.root) { + throw new Error(`Searching root directory is not allowed: ${searchPath}`) + } + await assertExternalDirectory(ctx, searchPath, { kind: "directory" }) const rgPath = await Ripgrep.filepath()