mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-03-16 20:56:35 +01:00
ad08df4db6
* 🛡️ fix: Scope agent-author file access to attached files only
The hasAccessToFilesViaAgent helper short-circuited for agent authors,
granting access to all requested file IDs without verifying they were
attached to the agent's tool_resources. This enabled an IDOR where any
agent author could delete arbitrary files by supplying their agent_id
alongside unrelated file IDs.
Now both the author and non-author paths check file IDs against the
agent's tool_resources before granting access.
* chore: Use Object.values/for...of and add JSDoc in getAttachedFileIds
* test: Add boundary cases for agent file access authorization
- Agent with no tool_resources denies all access (fail-closed)
- Files across multiple resource types are all reachable
- Author + isDelete: true still scopes to attached files only
|
||
|---|---|---|
| .. | ||
| Audio | ||
| Azure | ||
| Citations | ||
| Code | ||
| Firebase | ||
| images | ||
| Local | ||
| OpenAI | ||
| S3 | ||
| VectorDB | ||
| index.js | ||
| permissions.js | ||
| process.js | ||
| process.spec.js | ||
| strategies.js | ||