Bug Description
The MemoryManager and WriteMemoryTool do not validate memory names for path traversal characters. A memory name containing ../ allows writing files outside the designated memory directory. This can be exploited via prompt injection to write arbitrary files on the filesystem.
Steps to Reproduce
from iac_code.memory.memory_manager import MemoryManager
mgr = MemoryManager("/path/to/memory")
mgr.save('../escape', 'malicious content', 'user', 'description')
# File is written to /path/to/escape.md (OUTSIDE the memory directory)
Or via the WriteMemoryTool (callable by the LLM):
result = await write_memory_tool.execute(
    tool_input={'name': '../escape', 'content': 'escaped', 'memory_type': 'user', 'description': 'test'},
    context=ctx
)
# Result: is_error=False, file written outside memory directory
Expected Behavior
The memory manager should reject names containing path traversal sequences (../, /, \) and return an error.
Actual Behavior
The file is silently written outside the memory directory. The tool reports success:
Memory '../escape' saved.
And the file exists at the parent directory level:
$ ls /path/to/escape.md
/path/to/escape.md # Written OUTSIDE /path/to/memory/
Root Cause
In src/iac_code/memory/memory_manager.py, the _memory_path method directly concatenates the name:
def _memory_path(self, name: str) -> str:
    return os.path.join(self._memory_dir, f"{name}.md")
No validation is performed on the name parameter. When name is ../escape, this resolves to a path outside the memory directory.
Suggested Fix
Add name validation in the save() method (and optionally in _memory_path):
def save(self, name: str, content: str, memory_type: str, description: str) -> None:
    if memory_type not in MEMORY_TYPES:
        raise ValueError(f"Invalid memory type: {memory_type}")
    if '/' in name or '\\' in name or '..' in name:
        raise ValueError(f"Invalid memory name: {name!r}. Must not contain path separators or '..'.")
    # ... rest of method
Security Impact
- Attack vector: Prompt injection → LLM calls WriteMemoryTool with malicious name
- Impact: Arbitrary file write within filesystem permissions of the running user
- Severity: Medium (requires prompt injection, limited to user's filesystem permissions)
Operating System
macOS
Python Version
3.14.0b1
iac-code Version
0.3.0 (dev)
Additional Context
A secondary issue: memory names containing / (without ..) cause a FileNotFoundError because intermediate directories are not created. This should also be caught by input validation.
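A defense-in-depth variant of the suggested fix, as an added example that is not iac-code's own code: it combines an allowlist on the name with a resolved-path containment check, so a symlink inside the memory directory cannot redirect a write either. `SafeMemoryStore`, `_NAME_RE`, `demo` and the naming policy are assumptions made for illustration; the sample names are constructed.

```python
import os
import re
import tempfile

# Assumed policy (not the project's): one path component, 1-64 safe characters.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


class SafeMemoryStore:
    """Hypothetical stand-in for MemoryManager; shows only path handling."""

    def __init__(self, memory_dir: str) -> None:
        # Canonicalize once so containment checks compare resolved paths.
        self._memory_dir = os.path.realpath(memory_dir)
        os.makedirs(self._memory_dir, exist_ok=True)

    def _memory_path(self, name: str) -> str:
        # Layer 1: allowlist rejects '/', '\\', NUL, empty names, leading dots.
        if not isinstance(name, str) or not _NAME_RE.fullmatch(name) or ".." in name:
            raise ValueError(f"Invalid memory name: {name!r}")
        # Layer 2: resolve symlinks, then confirm the path is still inside.
        path = os.path.realpath(os.path.join(self._memory_dir, f"{name}.md"))
        if os.path.commonpath([self._memory_dir, path]) != self._memory_dir:
            raise ValueError(f"Memory name escapes memory directory: {name!r}")
        return path

    def save(self, name: str, content: str) -> str:
        path = self._memory_path(name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        return path


def demo() -> dict:
    """Try constructed names in a throwaway directory; map name -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        store = SafeMemoryStore(os.path.join(root, "memory"))
        for name in ["notes", "../escape", "sub/dir", "..\\escape", "/etc/x", ""]:
            try:
                store.save(name, "constructed sample content")
                results[name] = "saved"
            except ValueError:
                results[name] = "rejected"
        results["outside_written"] = os.path.exists(os.path.join(root, "escape.md"))
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check and the subsequent open are not atomic, so the memory directory itself should only be writable by the user running the tool.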