The pre-existing resolveInsideRoot (org_helpers.go) used only
filepath.Abs, which does NOT resolve symlinks on Unix. A symlink
planted inside the workspace that points outside (e.g.
workspaces/dev/leaked → /etc) passed the lexical prefix check
because /tmp/.../workspaces/dev/leaked lexically starts with
/tmp/.../.
Add filepath.EvalSymlinks after the lexical check:
1. Lexical check catches obvious .. escapes.
2. EvalSymlinks resolves symlinks; fails on broken symlinks.
3. Re-check the resolved path against absRoot — catches planted
outbound symlinks (CWE-59).
Broken symlinks are rejected because EvalSymlinks returns an error,
which propagates as "symlink resolve failed". This matches the
regression test added in this PR.
Without this fix, TestResolveInsideRoot_RejectsSymlinkTraversal (the
CWE-59 regression test added alongside) FAILS on any Unix system
where /tmp is a real directory (symlink test returns nil instead of
error), causing CI/Platform (Go) to fail and blocking the
continue-on-error unmask needed for Phase 4.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Molecule AI Core-DevOps
c1a94deabc