From e9ee686ab6c5c99d895d80951336613f248f6560 Mon Sep 17 00:00:00 2001
From: Seth Troisi
Date: Thu, 24 Jul 2025 16:05:13 -0700
Subject: [PATCH] Sanitize checkpoint tags (#4813)
---
 packages/core/src/core/logger.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/packages/core/src/core/logger.ts b/packages/core/src/core/logger.ts
index e857bd46..450a0d2f 100644
--- a/packages/core/src/core/logger.ts
+++ b/packages/core/src/core/logger.ts
@@ -238,6 +238,12 @@ export class Logger {
 if (!this.geminiDir) {
 throw new Error('Checkpoint file path not set.');
 }
+ // Sanitize tag to prevent directory traversal attacks
+ tag = tag.replace(/[^a-zA-Z0-9-_]/g, '');
+ if (!tag) {
+ console.error('Sanitized tag is empty setting to "default".');
+ tag = 'default';
+ }
 return path.join(this.geminiDir, `checkpoint-${tag}.json`);
 }
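Review bot: Stripping characters in `tag = tag.replace(/[^a-zA-Z0-9-_]/g, '');` removes the path separators, but it also maps distinct tags onto the same file: `a/b` and `ab` both resolve to `checkpoint-ab.json`, and any tag made up only of stripped characters falls back to `checkpoint-default.json`, so a save under one tag can silently overwrite a checkpoint saved under another. Rejecting an invalid tag keeps the traversal protection without the collisions, e.g. `if (!/^[a-zA-Z0-9_-]+$/.test(tag)) throw new Error('Invalid checkpoint tag.');`, assuming the callers (not visible here) can surface that error to the user. If stripping is kept, writing the class as `[^a-zA-Z0-9_-]` makes it obvious that the hyphen is a literal and not part of a range. The enclosing method starts above the hunk, so where `tag` comes from is not visible here.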