From 986a6ff3719a899238e68aec39fe7838ec6c8b20 Mon Sep 17 00:00:00 2001
From: A <258483684+la14-1@users.noreply.github.com>
Date: Sun, 22 Feb 2026 15:10:28 -0800
Subject: [PATCH] fix: add remote path validation to GCP uploadFile (missing vs
 all other providers) (#1760)

All 6 other cloud providers (Fly, Hetzner, DigitalOcean, AWS, Sprite, Daytona)
validate remotePath with an allowlist regex before passing it to scp. GCP's
uploadFile had no validation at all, breaking the defense-in-depth pattern.

Adds the same allowlist check (^[a-zA-Z0-9/_.~$-]+$) plus dotdot check.
The regex includes $ to allow $HOME prefix paths used by agent-setup.ts.

Agent: code-health

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 cli/src/gcp/gcp.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cli/src/gcp/gcp.ts b/cli/src/gcp/gcp.ts
index 296bc5ce..4f6cafce 100644
--- a/cli/src/gcp/gcp.ts
+++ b/cli/src/gcp/gcp.ts
@@ -920,6 +920,10 @@ export async function runServerCapture(cmd: string, timeoutSecs?: number): Promi
 }
 
 export async function uploadFile(localPath: string, remotePath: string): Promise<void> {
+  if (!/^[a-zA-Z0-9/_.~$-]+$/.test(remotePath) || remotePath.includes("..")) {
+    logError(`Invalid remote path: ${remotePath}`);
+    throw new Error("Invalid remote path");
+  }
   const username = resolveUsername();
   // Expand $HOME on remote side
   const expandedPath = remotePath.replace(/^\$HOME/, "~");