fix: prevent path traversal in git resolver pathInRepo parameter

The git resolver's pathInRepo parameter was not validated for path
traversal, allowing a tenant to read arbitrary files from the resolver
pod's filesystem by supplying paths like '../../../../etc/passwd' or
'../../../../var/run/secrets/kubernetes.io/serviceaccount/token'.

The resolved file contents were then written into
resolutionrequest.status.data (base64-encoded), creating an
exfiltration channel. Since the resolver pod's ServiceAccount typically
has broad RBAC permissions (including read access to secrets), this
could lead to full privilege escalation.

The fix adds two layers of defense:

1. Validate pathInRepo in PopulateDefaultParams() to reject paths
   containing '..' components. Leading slashes are stripped for
   backwards compatibility (filepath.Join already handles them safely).

2. Switch getFileContent() to use 'git show HEAD:<path>' to read files
   from git's object store instead of os.ReadFile from the filesystem.
   Symlinks are resolved via filepath.EvalSymlinks before computing the
   relative path for git show, so in-repo symlinks work correctly while
   escape symlinks produce paths that git show rejects.

Unit and e2e regression tests are added for traversal patterns,
symlink escapes, and valid leading-slash paths.

The vulnerability was introduced in commit 318006c when the git
resolver switched from go-git's in-memory filesystem (memfs) to
shelling out to git and reading files with os.ReadFile(). All releases
from v1.0.0 through v1.10.0 are affected.

Fixes: GHSA-j5q5-j9gm-2w5c

Author: vdemeester

pkg/resolution/resolver/git/repository.go

@@ -134,11 +134,52 @@ func (repo *repository) execGit(ctx context.Context, subCmd string, args ...stri
 	return out, err
 }
 
-func (repo *repository) getFileContent(path string) ([]byte, error) {
+func (repo *repository) getFileContent(givenPath string) ([]byte, error) {
 	if _, err := os.Stat(repo.directory); errors.Is(err, os.ErrNotExist) {
 		return nil, fmt.Errorf("repository clone no longer exists, used after cleaned? %w", err)
 	}
-	fileContents, err := os.ReadFile(filepath.Join(repo.directory, path))
+
+	// Resolve repo.directory itself so that filepath.Rel produces correct
+	// results on platforms where the temp directory is a symlink (e.g.
+	// macOS /tmp -> /private/tmp).
+	repoDir, err := filepath.EvalSymlinks(repo.directory)
+	if err != nil {
+		return nil, fmt.Errorf("failed to resolve repository directory: %w", err)
+	}
+
+	absPath, err := filepath.Abs(filepath.Join(repoDir, givenPath))
+	if err != nil {
+		return nil, err
+	}
+
+	// Resolve symlinks so that in-repo symlinks work correctly while
+	// symlinks that escape the repo are caught by the containment check.
+	resolvedPath, err := filepath.EvalSymlinks(absPath)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil, errors.New("file does not exist")
+		}
+		return nil, err
+	}
+
+	absPath, err = filepath.Abs(resolvedPath)
+	if err != nil {
+		return nil, err
+	}
+
+	relativePath, err := filepath.Rel(repoDir, absPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to resolve relative path: %w", err)
+	}
+
+	// Detect path traversal attempts — the relative path should never
+	// start with ".." after symlink resolution. Log a specific message
+	// so administrators can set up alerts for attempted exploits.
+	if containsDotDot(relativePath) {
+		return nil, fmt.Errorf("path %q attempts to escape the repository directory (possible path traversal attack)", givenPath)
+	}
+
+	fileContents, err := os.ReadFile(absPath)
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {
 			return nil, errors.New("file does not exist")

pkg/resolution/resolver/git/repository_test.go

@@ -20,7 +20,9 @@ package git
 import (
 	"context"
 	"encoding/base64"
+	"os"
 	"os/exec"
+	"path/filepath"
 	"reflect"
 	"slices"
 	"testing"
@@ -170,3 +172,203 @@ func TestCheckout(t *testing.T) {
 		})
 	}
 }
+
+func TestGetFileContent(t *testing.T) {
+	// Create a file outside any repo to simulate a sensitive target.
+	sensitiveDir := t.TempDir()
+	sensitiveFile := filepath.Join(sensitiveDir, "sa-token")
+	if err := os.WriteFile(sensitiveFile, []byte("stolen-credential"), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a real git repository with a tracked file.
+	// Resolve the temp dir so filepath.Rel works on platforms where /tmp
+	// is a symlink (e.g. macOS /tmp -> /private/tmp).
+	repoDir, _ := createTestRepo(t, []commitForRepo{
+		{Dir: "tasks", Filename: "example.yaml", Content: "valid content"},
+	})
+	// Add a symlink that escapes and commit it.
+	gitCmd := getGitCmd(t, repoDir)
+	if err := os.Symlink(sensitiveFile, filepath.Join(repoDir, "escape-link")); err != nil {
+		t.Fatal(err)
+	}
+	if out, err := gitCmd("add", "escape-link").Output(); err != nil {
+		t.Fatalf("git add symlink: %q: %v", out, err)
+	}
+	// Add a nested symlink escape.
+	nestedDir := filepath.Join(repoDir, "subdir")
+	if err := os.MkdirAll(nestedDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Symlink(sensitiveFile, filepath.Join(nestedDir, "nested-link")); err != nil {
+		t.Fatal(err)
+	}
+	if out, err := gitCmd("add", "subdir/nested-link").Output(); err != nil {
+		t.Fatalf("git add nested symlink: %q: %v", out, err)
+	}
+	if out, err := gitCmd("commit", "-m", "add symlinks").Output(); err != nil {
+		t.Fatalf("git commit: %q: %v", out, err)
+	}
+
+	repo := &repository{directory: repoDir}
+
+	tests := []struct {
+		name    string
+		path    string
+		wantErr bool
+	}{
+		{
+			name: "valid relative path",
+			path: "tasks/example.yaml",
+		},
+		{
+			name:    "path traversal with dot-dot",
+			path:    "../../etc/passwd",
+			wantErr: true,
+		},
+		{
+			name:    "path traversal to parent",
+			path:    "../secret",
+			wantErr: true,
+		},
+		{
+			name:    "path traversal deeply nested",
+			path:    "../../../../var/run/secrets/kubernetes.io/serviceaccount/token",
+			wantErr: true,
+		},
+		{
+			name:    "path traversal embedded",
+			path:    "tasks/../../../../../../etc/passwd",
+			wantErr: true,
+		},
+		{
+			name:    "non-existent file",
+			path:    "does-not-exist.yaml",
+			wantErr: true,
+		},
+		{
+			name:    "symlink escaping repo directory",
+			path:    "escape-link",
+			wantErr: true,
+		},
+		{
+			name:    "symlink in subdirectory escaping repo",
+			path:    filepath.Join("subdir", "nested-link"),
+			wantErr: true,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			content, err := repo.getFileContent(tc.path)
+			if tc.wantErr {
+				if err == nil {
+					t.Fatalf("expected error, got nil (content: %q)", string(content))
+				}
+			} else {
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+			}
+		})
+	}
+}
+
+// TestGetFileContent_SymlinkEscape_RealGitRepo creates a real git
+// repository with a committed symlink that points outside the repo,
+// clones it, checks out the revision, and verifies that getFileContent
+// rejects the symlink path. This exercises the full clone → checkout →
+// read flow with an actual git repository.
+func TestGetFileContent_SymlinkEscape_RealGitRepo(t *testing.T) {
+	// Create a sensitive file outside any repo to simulate a target.
+	sensitiveDir := t.TempDir()
+	sensitiveFile := filepath.Join(sensitiveDir, "sa-token")
+	if err := os.WriteFile(sensitiveFile, []byte("stolen-credential"), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	// Create a git repository with a normal file and a symlink escape.
+	repoDir, _ := createTestRepo(t, []commitForRepo{
+		{Filename: "task.yaml", Content: "apiVersion: tekton.dev/v1\nkind: Task"},
+	})
+
+	// Add a symlink that points to the sensitive file and commit it.
+	gitCmd := getGitCmd(t, repoDir)
+	symlinkPath := filepath.Join(repoDir, "escape-link")
+	if err := os.Symlink(sensitiveFile, symlinkPath); err != nil {
+		t.Fatalf("failed to create symlink: %v", err)
+	}
+	if out, err := gitCmd("add", "escape-link").Output(); err != nil {
+		t.Fatalf("git add symlink failed: %q: %v", out, err)
+	}
+	if out, err := gitCmd("commit", "-m", "add symlink escape").Output(); err != nil {
+		t.Fatalf("git commit symlink failed: %q: %v", out, err)
+	}
+
+	// Also add a symlink in a subdirectory.
+	subdir := filepath.Join(repoDir, "configs")
+	if err := os.MkdirAll(subdir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	nestedSymlink := filepath.Join(subdir, "nested-escape")
+	if err := os.Symlink(sensitiveFile, nestedSymlink); err != nil {
+		t.Fatalf("failed to create nested symlink: %v", err)
+	}
+	if out, err := gitCmd("add", "configs/nested-escape").Output(); err != nil {
+		t.Fatalf("git add nested symlink failed: %q: %v", out, err)
+	}
+	if out, err := gitCmd("commit", "-m", "add nested symlink escape").Output(); err != nil {
+		t.Fatalf("git commit nested symlink failed: %q: %v", out, err)
+	}
+
+	// Clone the repo (as the resolver would) and checkout main.
+	ctx := t.Context()
+	repo, cleanup, err := remote{url: repoDir}.clone(ctx)
+	if err != nil {
+		t.Fatalf("failed to clone test repo: %v", err)
+	}
+	defer cleanup()
+
+	if err := repo.checkout(ctx, "main"); err != nil {
+		t.Fatalf("failed to checkout main: %v", err)
+	}
+
+	// Verify a normal file can be read.
+	content, err := repo.getFileContent("task.yaml")
+	if err != nil {
+		t.Fatalf("expected to read normal file, got error: %v", err)
+	}
+	if !contains(string(content), "tekton.dev") {
+		t.Fatalf("unexpected content: %s", content)
+	}
+
+	// Verify the symlink escape is blocked.
+	tests := []struct {
+		name string
+		path string
+	}{
+		{name: "top-level symlink escape", path: "escape-link"},
+		{name: "nested symlink escape", path: "configs/nested-escape"},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			content, err := repo.getFileContent(tc.path)
+			if err == nil {
+				t.Fatalf("symlink escape was NOT blocked — read %d bytes: %q", len(content), string(content))
+			}
+		})
+	}
+}
+
+func contains(s, substr string) bool {
+	return len(s) >= len(substr) && searchSubstring(s, substr)
+}
+
+func searchSubstring(s, substr string) bool {
+	for i := 0; i <= len(s)-len(substr); i++ {
+		if s[i:i+len(substr)] == substr {
+			return true
+		}
+	}
+	return false
+}

pkg/resolution/resolver/git/resolver.go

@@ -21,6 +21,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path/filepath"
 	"regexp"
 	"strings"
 	"time"
@@ -157,6 +158,17 @@ func validateRepoURL(url string) bool {
 	return re.MatchString(url)
 }
 
+// containsDotDot checks if a path contains ".." components that could be
+// used for path traversal. It handles both Unix and Windows separators.
+func containsDotDot(path string) bool {
+	for _, part := range strings.Split(filepath.ToSlash(path), "/") {
+		if part == ".." {
+			return true
+		}
+	}
+	return false
+}
+
 type GitResolver struct {
 	KubeClient kubernetes.Interface
 	Logger     *zap.SugaredLogger
@@ -399,7 +411,16 @@ func PopulateDefaultParams(ctx context.Context, params []pipelinev1.Param) (map[
 		return nil, fmt.Errorf("invalid git repository url: %s", paramsMap[UrlParam])
 	}
 
-	// TODO(sbwsg): validate pathInRepo is valid relative pathInRepo
+	// Validate pathInRepo cannot escape the repository directory via
+	// traversal (e.g. "../../etc/passwd"). Leading slashes are stripped
+	// for backwards compatibility — filepath.Join already handles them
+	// safely by treating them as relative to the base directory.
+	pathValue := paramsMap[PathParam]
+	pathValue = strings.TrimLeft(pathValue, "/")
+	paramsMap[PathParam] = pathValue
+	if containsDotDot(pathValue) {
+		return nil, fmt.Errorf("invalid path %q: must not contain '..' components", pathValue)
+	}
 	return paramsMap, nil
 }
 

pkg/resolution/resolver/git/resolver_test.go

@@ -110,6 +110,14 @@ func TestValidateParams(t *testing.T) {
 				RevisionParam: "baz",
 			},
 		},
+		{
+			name: "leading slash is stripped",
+			params: map[string]string{
+				UrlParam:      "https://foo/bar/hello/moto",
+				PathParam:     "/task/git-clone/0.10/git-clone.yaml",
+				RevisionParam: "baz",
+			},
+		},
 		{
 			name: "bad url",
 			params: map[string]string{
@@ -193,6 +201,38 @@ func TestValidateParams_Failure(t *testing.T) {
 				RepoParam:     "foo",
 			},
 			expectedErr: "'org' is required when 'repo' is specified",
+		}, {
+			name: "path traversal with dot-dot",
+			params: map[string]string{
+				RevisionParam: "abcd1234",
+				PathParam:     "../../etc/passwd",
+				UrlParam:      "https://github.com/tektoncd/catalog",
+			},
+			expectedErr: `invalid path "../../etc/passwd": must not contain '..' components`,
+		}, {
+			name: "path traversal deeply nested",
+			params: map[string]string{
+				RevisionParam: "abcd1234",
+				PathParam:     "../../../../var/run/secrets/kubernetes.io/serviceaccount/token",
+				UrlParam:      "https://github.com/tektoncd/catalog",
+			},
+			expectedErr: `invalid path "../../../../var/run/secrets/kubernetes.io/serviceaccount/token": must not contain '..' components`,
+		}, {
+			name: "path traversal with leading dot-dot",
+			params: map[string]string{
+				RevisionParam: "abcd1234",
+				PathParam:     "../secret",
+				UrlParam:      "https://github.com/tektoncd/catalog",
+			},
+			expectedErr: `invalid path "../secret": must not contain '..' components`,
+		}, {
+			name: "path traversal embedded dot-dot",
+			params: map[string]string{
+				RevisionParam: "abcd1234",
+				PathParam:     "foo/../../../etc/passwd",
+				UrlParam:      "https://github.com/tektoncd/catalog",
+			},
+			expectedErr: `invalid path "foo/../../../etc/passwd": must not contain '..' components`,
 		},
 	}
 

test/resolvers_test.go

@@ -276,11 +276,15 @@ func TestGitResolver_Clone_Failure(t *testing.T) {
 		}, {
 			name:        "path does not exist",
 			pathInRepo:  "/task/banana/55.55/banana.yaml",
-			expectedErr: "error opening file \"/task/banana/55.55/banana.yaml\": file does not exist",
+			expectedErr: "error opening file \"task/banana/55.55/banana.yaml\": file does not exist",
 		}, {
 			name:        "commit does not exist",
 			commit:      "abcd0123",
 			expectedErr: "git fetch error: fatal: couldn't find remote ref abcd0123: exit status 128",
+		}, {
+			name:        "path traversal with dot-dot",
+			pathInRepo:  "../../../../etc/passwd",
+			expectedErr: `invalid path "../../../../etc/passwd": must not contain '..' components`,
 		},
 	}