Prevent path traversal in tool config names

Reject tool and config names containing /, \, or .. in ToolConfigModel
to prevent writing arbitrary files within the shared /plugins directory.
Added client-side validation in SaveConfigDialog.vue and backend
validation in both Ruby and Python models with corresponding specs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jmthomas

openc3-cosmos-init/plugins/packages/openc3-vue-common/src/components/config/SaveConfigDialog.vue

@@ -8,7 +8,7 @@
 # See LICENSE.md for more details.
 
 # Modified by OpenC3, Inc.
-# All changes Copyright 2022, OpenC3, Inc.
+# All changes Copyright 2026, OpenC3, Inc.
 # All Rights Reserved
 #
 # This file may also be used under the terms of a commercial license
@@ -142,6 +142,9 @@ export default {
       if (!this.configName) {
         return 'Config must have a name'
       }
+      if (/[/\\]|\.\./.test(this.configName)) {
+        return 'Config name must not contain / \\ or ..'
+      }
       return null
     },
     show: {

openc3/lib/openc3/models/tool_config_model.rb

@@ -26,19 +26,26 @@ def self.config_tool_names(scope: $openc3_scope)
     end
 
     def self.list_configs(tool, scope: $openc3_scope)
+      raise "Invalid tool name: #{tool}" if tool.match?(%r{[/\\]|\.\.})
       Store.hkeys("#{scope}__config__#{tool}")
     end
 
     def self.load_config(tool, name, scope: $openc3_scope)
+      raise "Invalid tool name: #{tool}" if tool.match?(%r{[/\\]|\.\.})
+      raise "Invalid config name: #{name}" if name.match?(%r{[/\\]|\.\.})
       Store.hget("#{scope}__config__#{tool}", name)
     end
 
     def self.save_config(tool, name, data, local_mode: true, scope: $openc3_scope)
+      raise "Invalid tool name: #{tool}" if tool.match?(%r{[/\\]|\.\.})
+      raise "Invalid config name: #{name}" if name.match?(%r{[/\\]|\.\.})
       Store.hset("#{scope}__config__#{tool}", name, data)
       LocalMode.save_tool_config(scope, tool, name, data) if local_mode
     end
 
     def self.delete_config(tool, name, local_mode: true, scope: $openc3_scope)
+      raise "Invalid tool name: #{tool}" if tool.match?(%r{[/\\]|\.\.})
+      raise "Invalid config name: #{name}" if name.match?(%r{[/\\]|\.\.})
       Store.hdel("#{scope}__config__#{tool}", name)
       LocalMode.delete_tool_config(scope, tool, name) if local_mode
     end

openc3/python/openc3/models/tool_config_model.py

@@ -9,12 +9,15 @@
 # This file may also be used under the terms of a commercial license
 # if purchased from OpenC3, Inc.
 
+import re
 from typing import Any
 
 from openc3.environment import OPENC3_SCOPE
 from openc3.utilities.local_mode import LocalMode
 from openc3.utilities.store import Store
 
+PATH_TRAVERSAL_PATTERN = re.compile(r"[/\\]|\.\.")
+
 
 class ToolConfigModel:
     @classmethod
@@ -26,11 +29,17 @@ def config_tool_names(cls, scope: str = OPENC3_SCOPE):
 
     @classmethod
     def list_configs(cls, tool: str, scope: str = OPENC3_SCOPE):
+        if PATH_TRAVERSAL_PATTERN.search(tool):
+            raise RuntimeError(f"Invalid tool name: {tool}")
         keys = Store.hkeys(f"{scope}__config__{tool}")
         return [key.decode() for key in keys]
 
     @classmethod
     def load_config(cls, tool: str, name: str, scope: str = OPENC3_SCOPE):
+        if PATH_TRAVERSAL_PATTERN.search(tool):
+            raise RuntimeError(f"Invalid tool name: {tool}")
+        if PATH_TRAVERSAL_PATTERN.search(name):
+            raise RuntimeError(f"Invalid config name: {name}")
         return Store.hget(f"{scope}__config__{tool}", name).decode()
 
     @classmethod
@@ -42,12 +51,20 @@ def save_config(
         local_mode: bool = True,
         scope: str = OPENC3_SCOPE,
     ):
+        if PATH_TRAVERSAL_PATTERN.search(tool):
+            raise RuntimeError(f"Invalid tool name: {tool}")
+        if PATH_TRAVERSAL_PATTERN.search(name):
+            raise RuntimeError(f"Invalid config name: {name}")
         Store.hset(f"{scope}__config__{tool}", name, data)
         if local_mode:
             LocalMode.save_tool_config(scope, tool, name, data)
 
     @classmethod
     def delete_config(cls, tool: str, name: str, local_mode: bool = True, scope: str = OPENC3_SCOPE):
+        if PATH_TRAVERSAL_PATTERN.search(tool):
+            raise RuntimeError(f"Invalid tool name: {tool}")
+        if PATH_TRAVERSAL_PATTERN.search(name):
+            raise RuntimeError(f"Invalid config name: {name}")
         Store.hdel(f"{scope}__config__{tool}", name)
         if local_mode:
             LocalMode.delete_tool_config(scope, tool, name)

openc3/spec/models/tool_config_model_spec.rb

@@ -43,6 +43,23 @@ module OpenC3
         names = ToolConfigModel.delete_config('toolie', 'namely', local_mode: true, scope: 'DEFAULT')
         expect(names[0]).to match(/.*\/DEFAULT\/tool_config\/toolie\/namely.json.*/)
       end
+
+      it "rejects path traversal in tool name" do
+        expect { ToolConfigModel.save_config('../evil', 'name', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+        expect { ToolConfigModel.save_config('evil/sub', 'name', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+        expect { ToolConfigModel.save_config('evil\\sub', 'name', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+        expect { ToolConfigModel.delete_config('../evil', 'name', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+        expect { ToolConfigModel.load_config('../evil', 'name', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+        expect { ToolConfigModel.list_configs('../evil', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid tool name/)
+      end
+
+      it "rejects path traversal in config name" do
+        expect { ToolConfigModel.save_config('tool', '../../etc/passwd', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid config name/)
+        expect { ToolConfigModel.save_config('tool', 'sub/dir', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid config name/)
+        expect { ToolConfigModel.save_config('tool', 'sub\\dir', '{}', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid config name/)
+        expect { ToolConfigModel.delete_config('tool', '../evil', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid config name/)
+        expect { ToolConfigModel.load_config('tool', '../evil', scope: 'DEFAULT') }.to raise_error(RuntimeError, /Invalid config name/)
+      end
     end
   end
 end