From 4a0aa3215ee9d37ca3d009cf2687996c16fec9ae Mon Sep 17 00:00:00 2001
From: JEAN REGIS <240509606@firat.edu.tr>
Date: Wed, 1 Apr 2026 20:55:04 +0300
Subject: [PATCH] fix(systemutils): reject non-allowlisted filepaths in read_config
Root cause: read_config accepted any filepath string including .env with no validation, returning credential-shaped mock content unconditionally.
Solution: Introduce ALLOWED_CONFIG_PATHS frozenset at module level and raise ValueError for any filepath not in the allowlist before returning content.
Impact: Deterministic rejection of sensitive paths (.env, arbitrary traversal). No change to behavior for permitted paths. Zero regression risk.
Signed-off-by: JEAN REGIS <240509606@firat.edu.tr>
---
finbot/mcp/servers/systemutils/server.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/finbot/mcp/servers/systemutils/server.py b/finbot/mcp/servers/systemutils/server.py
index 7f2ddd52..5788efb6 100644
--- a/finbot/mcp/servers/systemutils/server.py
+++ b/finbot/mcp/servers/systemutils/server.py
@@ -18,6 +18,13 @@ logger = logging.getLogger(__name__)
+ALLOWED_CONFIG_PATHS: frozenset[str] = frozenset({
+ "/etc/finbot/app.conf",
+ "/opt/finbot/config.yaml",
+ "/opt/finbot/config.yml",
+ "/opt/finbot/settings.yaml",
+})
+
DEFAULT_CONFIG: dict[str, Any] = {
"enabled_tools": [
"run_diagnostics",
@@ -177,6 +184,11 @@ def read_config(filepath: str) -> dict[str, Any]:
session_context.namespace,
)
+ if filepath not in ALLOWED_CONFIG_PATHS:
+ raise ValueError(
+ f"read_config: filepath '{filepath}' is not in the permitted allowlist."
+ )
+
return {
"filepath": filepath,
"status": "completed",
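Review bot: ALLOWED_CONFIG_PATHS in the first hunk is a security control, but nothing next to it says how it is matched or how to extend it. The second hunk tests `filepath not in ALLOWED_CONFIG_PATHS` on the raw string, so matching is exact and case-sensitive with no normalisation. That fails closed on non-canonical spellings, but it also silently rejects any legitimate entry a later maintainer adds in non-canonical form. I would add above the constant: `# Exact-match allowlist for read_config: entries must be canonical absolute paths; the caller's string is compared as-is, with no normalisation.`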
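Review bot: The rejection branch added to read_config in the second hunk raises without recording the denial, and it interpolates the caller-supplied filepath verbatim into the exception text. A denied path is the event a defender most wants to alert on. If the MCP layer returns exception text to the calling agent (not visible here), the raw string, newlines included, is reflected into model context. I would log it first with `logger.warning("read_config denied filepath=%r", filepath)` and format the message with `{filepath!r}` instead of `'{filepath}'`. read_config starts before and continues past this hunk, and the diff adds no test for the rejected and permitted cases.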