From e6cd0786b05945ef00f3b73128d1ca5f2d8aa503 Mon Sep 17 00:00:00 2001
From: ThankNIXlater <267577058+ThankNIXlater@users.noreply.github.com>
Date: Sat, 21 Mar 2026 16:47:03 +0100
Subject: [PATCH] fix(security): validate trashDir input to prevent SSH command
 injection

---
 src/app/api/gateway/agent-state/route.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/app/api/gateway/agent-state/route.ts b/src/app/api/gateway/agent-state/route.ts
index d57d514c..6241c304 100644
--- a/src/app/api/gateway/agent-state/route.ts
+++ b/src/app/api/gateway/agent-state/route.ts
@@ -87,6 +87,10 @@ export async function PUT(request: Request) {
     if (!trimmedTrash) {
       return NextResponse.json({ error: "trashDir is required." }, { status: 400 });
     }
+    const SAFE_TRASH_DIR_RE = /^[a-zA-Z0-9_.~\/-]+$/;
+    if (!SAFE_TRASH_DIR_RE.test(trimmedTrash)) {
+      return NextResponse.json({ error: "trashDir contains invalid characters." }, { status: 400 });
+    }
     if (!isSafeAgentId(trimmedAgent)) {
       return NextResponse.json({ error: `Invalid agentId: ${trimmedAgent}` }, { status: 400 });
     }