* 🔧 fix: Isolate HTTP agents for code-server axios requests
Prevents socket hang up after 5s on Node 19+ when code executor has
file attachments. follow-redirects (axios dep) leaks `socket.destroy`
as a timeout listener on TCP sockets; with Node 19+ defaulting to
keepAlive: true, tainted sockets re-enter the global pool and destroy
active node-fetch requests in CodeExecutor after the idle timeout.
Uses dedicated http/https agents with keepAlive: false for all axios
calls targeting CODE_BASEURL in crud.js and process.js.
Closes#12298
* ♻️ refactor: Extract code-server HTTP agents to shared module
- Move duplicated agent construction from crud.js and process.js into
a shared agents.js module to eliminate DRY violation
- Switch process.js from raw `require('axios')` to `createAxiosInstance()`
for proxy configuration parity with crud.js
- Fix import ordering in process.js (agent constants no longer split imports)
- Add 120s timeout to uploadCodeEnvFile (was the only code-server call
without a timeout)
* ✅ test: Add regression tests for code-server socket isolation
- Add crud.spec.js covering getCodeOutputDownloadStream and
uploadCodeEnvFile (agent options, timeout, URL, error handling)
- Add socket pool isolation tests to process.spec.js asserting
keepAlive:false agents are forwarded to axios
- Update process.spec.js mocks for createAxiosInstance() migration
* ♻️ refactor: Move code-server agents to packages/api
Relocate agents.js from api/server/services/Files/Code/ to
packages/api/src/utils/code.ts per workspace conventions. Consumers
now import codeServerHttpAgent/codeServerHttpsAgent from @librechat/api.
* fix: sanitize artifact filenames to prevent path traversal in code output
* test: Mock sanitizeFilename function in process.spec.js to return the original filename
- Added a mock implementation for the `sanitizeFilename` function in the `process.spec.js` test file to return the original filename, ensuring that tests can run without altering the filename during the testing process.
* fix: use path.relative for traversal check, sanitize all filenames, add security logging
- Replace startsWith with path.relative pattern in saveLocalBuffer, consistent
with deleteLocalFile and getLocalFileStream in the same file
- Hoist sanitizeFilename call before the image/non-image branch so both code
paths store the sanitized name in MongoDB
- Log a warning when sanitizeFilename mutates a filename (potential traversal)
- Log a specific warning when saveLocalBuffer throws a traversal error, so
security events are distinguishable from generic network errors in the catch
* test: improve traversal test coverage and remove mock reimplementation
- Remove partial sanitizeFilename reimplementation from process-traversal tests;
use controlled mock returns to verify processCodeOutput wiring instead
- Add test for image branch sanitization
- Use mkdtempSync for test isolation in crud-traversal to avoid parallel worker
collisions
- Add prefix-collision bypass test case (../user10/evil vs user1 directory)
* fix: use path.relative in isValidPath to prevent prefix-collision bypass
Pre-existing startsWith check without path separator had the same class
of prefix-collision vulnerability fixed in saveLocalBuffer.
