Harden module path normalization and traversal checks

Author: mgomes

ROADMAP.md

@@ -257,8 +257,8 @@ Goal: make multi-file script projects easier to compose and maintain.
 
 ### Security and Isolation
 
-- [ ] Tighten module root boundary checks and path normalization.
-- [ ] Add test coverage for path traversal attempts.
+- [x] Tighten module root boundary checks and path normalization.
+- [x] Add test coverage for path traversal attempts.
 - [ ] Add explicit policy hooks for module allow/deny lists.
 
 ### Developer UX

docs/integration.md

@@ -85,6 +85,8 @@ can be exported explicitly with `export def ...`; if no explicit exports are
 declared, public names are exported by default and names starting with `_`
 remain private. Exported names are only injected into globals when no binding
 already exists, so existing host/script globals keep precedence.
+Import paths are normalized across slash styles, and traversal/symlink escapes
+outside configured module roots are blocked.
 
 ### Capability Adapters
 

vibes/modules.go

@@ -31,15 +31,18 @@ func parseModuleRequest(name string) (moduleRequest, error) {
 	if trimmed == "" {
 		return moduleRequest{}, fmt.Errorf("require: module name must be non-empty")
 	}
+	normalizedName := strings.ReplaceAll(trimmed, "\\", string(filepath.Separator))
+	normalizedName = strings.ReplaceAll(normalizedName, "/", string(filepath.Separator))
+
 	request := moduleRequest{
 		raw:              name,
 		explicitRelative: isExplicitRelativeModulePath(trimmed),
 	}
-	if filepath.Ext(trimmed) == "" {
-		trimmed += ".vibe"
+	if filepath.Ext(normalizedName) == "" {
+		normalizedName += ".vibe"
 	}
 
-	request.normalized = filepath.Clean(trimmed)
+	request.normalized = filepath.Clean(normalizedName)
 	if request.normalized == "." {
 		return moduleRequest{}, fmt.Errorf("require: module name %q resolves to current directory", name)
 	}
@@ -61,8 +64,8 @@ func isExplicitRelativeModulePath(name string) bool {
 }
 
 func containsPathTraversal(cleanPath string) bool {
-	sep := string(filepath.Separator)
-	return slices.Contains(strings.Split(cleanPath, sep), "..")
+	normalized := strings.ReplaceAll(filepath.Clean(cleanPath), "\\", "/")
+	return slices.Contains(strings.Split(normalized, "/"), "..")
 }
 
 func moduleCacheKey(root, relative string) string {
@@ -244,11 +247,15 @@ func (e *Engine) loadSearchPathModule(request moduleRequest) (moduleEntry, error
 
 	for _, root := range e.modPaths {
 		key := moduleCacheKey(root, request.normalized)
+		candidate := filepath.Join(root, request.normalized)
+
+		if _, err := moduleRelativePath(root, candidate); err != nil {
+			return moduleEntry{}, fmt.Errorf("require: module name %q escapes module root", request.raw)
+		}
+
 		if entry, ok := e.getCachedModule(key); ok {
 			return entry, nil
 		}
-
-		candidate := filepath.Join(root, request.normalized)
 		data, readErr := os.ReadFile(candidate)
 		if readErr != nil {
 			if errors.Is(readErr, fs.ErrNotExist) {

vibes/modules_test.go

@@ -367,6 +367,47 @@ end`)
 	}
 }
 
+func TestRequireRejectsBackslashPathTraversal(t *testing.T) {
+	engine := MustNewEngine(Config{ModulePaths: []string{filepath.Join("testdata", "modules")}})
+
+	script, err := engine.Compile(`def run()
+  require("nested\\..\\..\\etc\\passwd")
+end`)
+	if err != nil {
+		t.Fatalf("compile failed: %v", err)
+	}
+
+	if _, err := script.Call(context.Background(), "run", nil, CallOptions{}); err == nil {
+		t.Fatalf("expected error for backslash path traversal")
+	} else if !strings.Contains(err.Error(), "escapes search paths") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
+func TestRequireNormalizesPathSeparators(t *testing.T) {
+	engine := MustNewEngine(Config{ModulePaths: []string{filepath.Join("testdata", "modules")}})
+
+	script, err := engine.Compile(`def run(value)
+  unix_style = require("shared/math")
+  windows_style = require("shared\\math")
+  unix_style.double(value) + windows_style.double(value)
+end`)
+	if err != nil {
+		t.Fatalf("compile failed: %v", err)
+	}
+
+	result, err := script.Call(context.Background(), "run", []Value{NewInt(3)}, CallOptions{})
+	if err != nil {
+		t.Fatalf("call failed: %v", err)
+	}
+	if result.Kind() != KindInt || result.Int() != 12 {
+		t.Fatalf("expected 12, got %#v", result)
+	}
+	if len(engine.modules) != 1 {
+		t.Fatalf("expected normalized requires to share cache entry, got %d modules", len(engine.modules))
+	}
+}
+
 func TestRequireRelativePathRequiresModuleCaller(t *testing.T) {
 	engine := MustNewEngine(Config{ModulePaths: []string{filepath.Join("testdata", "modules")}})
 
@@ -489,6 +530,42 @@ end`)
 	}
 }
 
+func TestRequireSearchPathRejectsSymlinkEscape(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("symlink behavior is environment-specific on Windows")
+	}
+
+	moduleRoot := t.TempDir()
+	outsideRoot := t.TempDir()
+
+	secretModule := filepath.Join(outsideRoot, "secret.vibe")
+	if err := os.WriteFile(secretModule, []byte(`def hidden()
+  42
+end
+`), 0o644); err != nil {
+		t.Fatalf("write secret module: %v", err)
+	}
+
+	symlinkPath := filepath.Join(moduleRoot, "link")
+	if err := os.Symlink(outsideRoot, symlinkPath); err != nil {
+		t.Skipf("symlink unavailable: %v", err)
+	}
+
+	engine := MustNewEngine(Config{ModulePaths: []string{moduleRoot}})
+	script, err := engine.Compile(`def run()
+  require("link/secret")
+end`)
+	if err != nil {
+		t.Fatalf("compile failed: %v", err)
+	}
+
+	if _, err := script.Call(context.Background(), "run", nil, CallOptions{}); err == nil {
+		t.Fatalf("expected symlink escape error")
+	} else if !strings.Contains(err.Error(), "escapes module root") {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
 func TestRequireRelativePathRejectsOutOfRootCachedModule(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		t.Skip("symlink behavior is environment-specific on Windows")