Skip to content

Restrict icon paths to subdirectories of agent extensions #44183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rtfeldman merged 2 commits into from
Jan 9, 2026
Merged

Restrict icon paths to subdirectories of agent extensions #44183

rtfeldman merged 2 commits into from
Jan 9, 2026

Conversation

@rtfeldman
Copy link
Contributor

@rtfeldman rtfeldman commented Dec 4, 2025

Right now agent extensions can specify icon paths that point anywhere. This changes it so that they can only specify icon paths that are subdirectories of the extension's root dir.

Release Notes:

  • Restrict agent server extension icon paths to subdirectories of the extension's root directory
@cla-bot cla-bot bot added the cla-signed The user has signed the Contributor License Agreement label Dec 4, 2025
@rtfeldman rtfeldman enabled auto-merge (squash) January 9, 2026 04:09
@rtfeldman rtfeldman added the area:ai Improvement related to Agent Panel, Edit Prediction, Copilot, or other AI features label Jan 9, 2026
@rtfeldman rtfeldman merged commit feb04ff into main Jan 9, 2026
23 checks passed
@rtfeldman rtfeldman deleted the icon-security branch January 9, 2026 04:21
dui pushed a commit to dui/zed that referenced this pull request Jan 16, 2026
@claude
Restrict agent extension icon paths to subdirectory of extension root
104d945 
This is a security fix to prevent path traversal attacks where a malicious
extension could specify an icon path like "../../../etc/passwd" to access
files outside its own directory.

The fix adds a `resolve_extension_icon_path` function that:
- Canonicalizes both the extension directory and the icon path
- Verifies the resolved icon path stays within the extension directory
- Returns None for invalid paths, preventing the icon from being loaded

Fixes zed-industries#44183

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:ai Improvement related to Agent Panel, Edit Prediction, Copilot, or other AI features cla-signed The user has signed the Contributor License Agreement

2 participants

@rtfeldman