fix(security): expand $HOME before path validation in downloadFile

louisgv · claude · louisgv · commit 2aba8e655248 · 2026-03-28T06:31:04.000Z
Fixes #3080 Prevents path traversal via other $VAR expansions by normalizing $HOME to ~ before the strict path regex check, removing the need to allow $ in the charset. Applied to all 5 cloud providers: - digitalocean: downloadFile - aws: downloadFile - sprite: downloadFileSprite - gcp: uploadFile + downloadFile - hetzner: downloadFile Also bumps CLI version to 0.27.7. Agent: security-auditor Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openrouter/spawn",
-  "version": "0.27.6",
+  "version": "0.27.7",
   "type": "module",
   "bin": {
     "spawn": "cli.js"
diff --git a/packages/cli/src/aws/aws.ts b/packages/cli/src/aws/aws.ts
@@ -1178,15 +1178,15 @@ export async function uploadFile(localPath: string, remotePath: string): Promise
 }
 
 export async function downloadFile(remotePath: string, localPath: string): Promise<void> {
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
   const keyOpts = getSshKeyOpts(await ensureSshKeys());
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
   const proc = Bun.spawn(
     [
       "scp",
       ...SSH_BASE_OPTS,
       ...keyOpts,
-      `${SSH_USER}@${_state.instanceIp}:${expandedPath}`,
+      `${SSH_USER}@${_state.instanceIp}:${normalizedRemote}`,
       localPath,
     ],
     {
diff --git a/packages/cli/src/digitalocean/digitalocean.ts b/packages/cli/src/digitalocean/digitalocean.ts
@@ -1448,17 +1448,17 @@ export async function uploadFile(localPath: string, remotePath: string, ip?: str
 
 export async function downloadFile(remotePath: string, localPath: string, ip?: string): Promise<void> {
   const serverIp = ip || _state.serverIp;
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
 
   const keyOpts = getSshKeyOpts(await ensureSshKeys());
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
 
   const proc = Bun.spawn(
     [
       "scp",
       ...SSH_BASE_OPTS,
       ...keyOpts,
-      `root@${serverIp}:${expandedPath}`,
+      `root@${serverIp}:${normalizedRemote}`,
       localPath,
     ],
     {
diff --git a/packages/cli/src/gcp/gcp.ts b/packages/cli/src/gcp/gcp.ts
@@ -1028,10 +1028,9 @@ export async function uploadFile(localPath: string, remotePath: string): Promise
     logError(`Invalid local path: ${localPath}`);
     throw new Error("Invalid local path");
   }
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
   const username = resolveUsername();
-  // Expand $HOME on remote side
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
   const keyOpts = getSshKeyOpts(await ensureSshKeys());
 
   const proc = Bun.spawn(
@@ -1040,7 +1039,7 @@ export async function uploadFile(localPath: string, remotePath: string): Promise
       ...SSH_BASE_OPTS,
       ...keyOpts,
       localPath,
-      `${username}@${_state.serverIp}:${expandedPath}`,
+      `${username}@${_state.serverIp}:${normalizedRemote}`,
     ],
     {
       stdio: [
@@ -1067,17 +1066,17 @@ export async function downloadFile(remotePath: string, localPath: string): Promi
     logError(`Invalid local path: ${localPath}`);
     throw new Error("Invalid local path");
   }
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
   const username = resolveUsername();
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
   const keyOpts = getSshKeyOpts(await ensureSshKeys());
 
   const proc = Bun.spawn(
     [
       "scp",
       ...SSH_BASE_OPTS,
       ...keyOpts,
-      `${username}@${_state.serverIp}:${expandedPath}`,
+      `${username}@${_state.serverIp}:${normalizedRemote}`,
       localPath,
     ],
     {
diff --git a/packages/cli/src/hetzner/hetzner.ts b/packages/cli/src/hetzner/hetzner.ts
@@ -909,17 +909,17 @@ export async function uploadFile(localPath: string, remotePath: string, ip?: str
 
 export async function downloadFile(remotePath: string, localPath: string, ip?: string): Promise<void> {
   const serverIp = ip || _state.serverIp;
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
 
   const keyOpts = getSshKeyOpts(await ensureSshKeys());
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
 
   const proc = Bun.spawn(
     [
       "scp",
       ...SSH_BASE_OPTS,
       ...keyOpts,
-      `root@${serverIp}:${expandedPath}`,
+      `root@${serverIp}:${normalizedRemote}`,
       localPath,
     ],
     {
diff --git a/packages/cli/src/sprite/sprite.ts b/packages/cli/src/sprite/sprite.ts
@@ -657,10 +657,10 @@ export async function uploadFileSprite(localPath: string, remotePath: string): P
 
 /** Download a file from the remote sprite by catting it to stdout. */
 export async function downloadFileSprite(remotePath: string, localPath: string): Promise<void> {
-  const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);
+  const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");
+  const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);
 
   const spriteCmd = getSpriteCmd()!;
-  const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");
 
   await spriteRetry("sprite download", async () => {
     const proc = Bun.spawn(
@@ -672,7 +672,7 @@ export async function downloadFileSprite(remotePath: string, localPath: string):
         _state.name,
         "--",
         "cat",
-        expandedPath,
+        normalizedRemote,
       ],
       {
         stdio: [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@openrouter/spawn",`
`3`		`- "version": "0.27.6",`
	`3`	`+ "version": "0.27.7",`
`4`	`4`	`"type": "module",`
`5`	`5`	`"bin": {`
`6`	`6`	`"spawn": "cli.js"`
Original file line number	Diff line number	Diff line change
`@@ -1178,15 +1178,15 @@ export async function uploadFile(localPath: string, remotePath: string): Promise`
`1178`	`1178`	`}`
`1179`	`1179`
`1180`	`1180`	`export async function downloadFile(remotePath: string, localPath: string): Promise<void> {`
`1181`		`- const normalizedRemote = validateRemotePath(remotePath, /^[a-zA-Z0-9/_.~$-]+$/);`
	`1181`	`+ const expandedRemote = remotePath.replace(/^\$HOME\//, "~/");`
	`1182`	`+ const normalizedRemote = validateRemotePath(expandedRemote, /^[a-zA-Z0-9/_.~-]+$/);`
`1182`	`1183`	`const keyOpts = getSshKeyOpts(await ensureSshKeys());`
`1183`		`- const expandedPath = normalizedRemote.replace(/^\$HOME/, "~");`
`1184`	`1184`	`const proc = Bun.spawn(`
`1185`	`1185`	`[`
`1186`	`1186`	`"scp",`
`1187`	`1187`	`...SSH_BASE_OPTS,`
`1188`	`1188`	`...keyOpts,`
`1189`		- `${SSH_USER}@${_state.instanceIp}:${expandedPath}`,
	`1189`	+ `${SSH_USER}@${_state.instanceIp}:${normalizedRemote}`,
`1190`	`1190`	`localPath,`
`1191`	`1191`	`],`
`1192`	`1192`	`{`