fix: harden security validation and deduplicate logic

Author: jpoehnelt

.changeset/harden-security-validation.md

@@ -0,0 +1,5 @@
+---
+"@googleworkspace/cli": patch
+---
+
+Security: Harden validate_resource_name and fix Gmail watch path traversal

AGENTS.md

@@ -125,7 +125,7 @@ let url = format!("{}?q={}", base_url, user_query);
 When a user-supplied string is used as a GCP resource identifier (project ID, topic name, space name, etc.) that gets embedded in a URL path, validate it first:
 
 ```rust
-// Validates the string contains only safe characters (alphanumeric, hyphens, underscores, dots, slashes)
+// Validates the string does not contain path traversal segments (`..`), control characters, or URL-breaking characters like `?` and `#`.
 let project = crate::helpers::validate_resource_name(&project_id)?;
 let url = format!("https://pubsub.googleapis.com/v1/projects/{}/topics/my-topic", project);
 ```

src/generate_skills.rs

@@ -68,7 +68,9 @@ struct SkillIndexEntry {
 /// Entry point for `gws generate-skills`.
 pub async fn handle_generate_skills(args: &[String]) -> Result<(), GwsError> {
     let output_dir = parse_output_dir(args);
-    let output_path = Path::new(&output_dir);
+    // Validate output_dir to prevent path traversal
+    let output_path_buf = crate::validate::validate_safe_output_dir(&output_dir)?;
+    let output_path = output_path_buf.as_path();
     let filter = parse_filter(args);
     let mut index: Vec<SkillIndexEntry> = Vec::new();
 

src/helpers/calendar.rs

@@ -302,7 +302,7 @@ async fn handle_agenda(matches: &ArgMatches) -> Result<(), GwsError> {
             async move {
                 let events_url = format!(
                     "https://www.googleapis.com/calendar/v3/calendars/{}/events",
-                    crate::helpers::encode_path_segment(&cal.id),
+                    crate::validate::encode_path_segment(&cal.id),
                 );
 
                 let resp = crate::client::send_with_retry(|| {

src/helpers/events/renew.rs

@@ -37,7 +37,7 @@ pub(super) async fn handle_renew(
 
     if let Some(name) = config.name {
         // Reactivate a specific subscription
-        let name = crate::helpers::validate_resource_name(&name)?;
+        let name = crate::validate::validate_resource_name(&name)?;
         eprintln!("Reactivating subscription: {name}");
         let resp = client
             .post(format!(
@@ -79,7 +79,7 @@ pub(super) async fn handle_renew(
             let to_renew = filter_subscriptions_to_renew(subs, now, within_secs);
 
             for name in to_renew {
-                let name = crate::helpers::validate_resource_name(&name)?;
+                let name = crate::validate::validate_resource_name(&name)?;
                 eprintln!("Renewing {name}...");
                 let _ = client
                     .post(format!(

src/helpers/events/subscribe.rs

@@ -48,7 +48,7 @@ fn parse_subscribe_args(matches: &ArgMatches) -> Result<SubscribeConfig, GwsErro
         builder.project(Some(ProjectId(project)));
     }
     if let Some(subscription) = matches.get_one::<String>("subscription") {
-        crate::helpers::validate_resource_name(subscription)?;
+        crate::validate::validate_resource_name(subscription)?;
         builder.subscription(Some(SubscriptionName(subscription.clone())));
     }
     if let Some(max_messages) = matches
@@ -124,7 +124,7 @@ pub(super) async fn handle_subscribe(
             // Full setup: create Pub/Sub topic + subscription + Workspace Events subscription
             let target = config.target.clone().unwrap();
             let project =
-                crate::helpers::validate_resource_name(&config.project.clone().unwrap().0)?
+                crate::validate::validate_resource_name(&config.project.clone().unwrap().0)?
                     .to_string();
             let event_types_str: Vec<&str> =
                 config.event_types.iter().map(|s| s.as_str()).collect();

src/helpers/gmail/watch.rs

@@ -37,9 +37,9 @@ pub(super) async fn handle_watch(
 
         let suffix = format!("{:08x}", rand::random::<u32>());
         let topic = if let Some(ref t) = config.topic {
-            crate::helpers::validate_resource_name(t)?.to_string()
+            crate::validate::validate_resource_name(t)?.to_string()
         } else {
-            let project = crate::helpers::validate_resource_name(&project)?;
+            let project = crate::validate::validate_resource_name(&project)?;
             let t = format!("projects/{project}/topics/gws-gmail-watch-{suffix}");
             // Create Pub/Sub topic
             eprintln!("Creating Pub/Sub topic: {t}");
@@ -98,7 +98,7 @@ pub(super) async fn handle_watch(
             t
         };
 
-        let project = crate::helpers::validate_resource_name(&project)?;
+        let project = crate::validate::validate_resource_name(&project)?;
         let sub = format!("projects/{project}/subscriptions/gws-gmail-watch-{suffix}");
 
         // 3. Create Pub/Sub subscription
@@ -209,14 +209,15 @@ pub(super) async fn handle_watch(
             eprintln!("\nCleaning up Pub/Sub resources...");
             let _ = client
                 .delete(format!(
-                    "https://pubsub.googleapis.com/v1/{pubsub_subscription}"
+                    "https://pubsub.googleapis.com/v1/{}",
+                    pubsub_subscription
                 ))
                 .bearer_auth(&pubsub_token)
                 .send()
                 .await;
             if let Some(ref topic) = topic_name {
                 let _ = client
-                    .delete(format!("https://pubsub.googleapis.com/v1/{topic}"))
+                    .delete(format!("https://pubsub.googleapis.com/v1/{}", topic))
                     .bearer_auth(&pubsub_token)
                     .send()
                     .await;
@@ -229,9 +230,9 @@ pub(super) async fn handle_watch(
                 pubsub_subscription
             );
             if let Some(ref topic) = topic_name {
-                eprintln!("Pub/Sub topic: {topic}");
+                eprintln!("Pub/Sub topic: {}", topic);
             }
-            eprintln!("Pub/Sub subscription: {pubsub_subscription}");
+            eprintln!("Pub/Sub subscription: {}", pubsub_subscription);
             eprintln!("Note: Gmail watch expires after 7 days. Re-run +watch to renew.");
         }
     }
@@ -432,7 +433,10 @@ async fn fetch_and_output_messages(
                 let json_str =
                     serde_json::to_string_pretty(&full_msg).unwrap_or_else(|_| "{}".to_string());
                 if let Some(dir) = output_dir {
-                    let path = dir.join(format!("{msg_id}.json"));
+                    let path = dir.join(format!(
+                        "{}.json",
+                        crate::validate::encode_path_segment(&msg_id)
+                    ));
                     if let Err(e) = std::fs::write(&path, &json_str) {
                         eprintln!("Warning: failed to write {}: {e}", path.display());
                     } else {

src/helpers/mod.rs

@@ -63,156 +63,3 @@ pub fn get_helper(service: &str) -> Option<Box<dyn Helper>> {
         _ => None,
     }
 }
-
-// ---------------------------------------------------------------------------
-// URL safety helpers
-// ---------------------------------------------------------------------------
-
-/// Percent-encode a value for use as a single URL path segment (e.g., file ID,
-/// calendar ID, message ID). All non-alphanumeric characters are encoded.
-pub(crate) fn encode_path_segment(s: &str) -> String {
-    use percent_encoding::{utf8_percent_encode, NON_ALPHANUMERIC};
-    utf8_percent_encode(s, NON_ALPHANUMERIC).to_string()
-}
-
-/// Validate a multi-segment resource name (e.g., `spaces/ABC`, `subscriptions/123`).
-/// Rejects path traversal and control characters while preserving the intentional
-/// `/`-delimited structure. Returns the validated name or an error with a clear
-/// message suitable for LLM callers.
-pub(crate) fn validate_resource_name(s: &str) -> Result<&str, GwsError> {
-    if s.is_empty() {
-        return Err(GwsError::Validation(
-            "Resource name must not be empty".to_string(),
-        ));
-    }
-    if s.split('/').any(|seg| seg == "..") {
-        return Err(GwsError::Validation(format!(
-            "Resource name must not contain path traversal ('..') segments: {s}"
-        )));
-    }
-    if s.contains('\0') || s.chars().any(|c| c.is_control()) {
-        return Err(GwsError::Validation(format!(
-            "Resource name contains invalid characters: {s}"
-        )));
-    }
-    // Reject URL-special characters that could inject query params or fragments
-    if s.contains('?') || s.contains('#') {
-        return Err(GwsError::Validation(format!(
-            "Resource name must not contain '?' or '#': {s}"
-        )));
-    }
-    Ok(s)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    // -- encode_path_segment --------------------------------------------------
-
-    #[test]
-    fn test_encode_path_segment_plain_id() {
-        assert_eq!(encode_path_segment("abc123"), "abc123");
-    }
-
-    #[test]
-    fn test_encode_path_segment_email() {
-        // Calendar IDs are often email addresses
-        let encoded = encode_path_segment("user@gmail.com");
-        assert!(!encoded.contains('@'));
-        assert!(!encoded.contains('.'));
-    }
-
-    #[test]
-    fn test_encode_path_segment_query_injection() {
-        // LLM might include query params in an ID by mistake
-        let encoded = encode_path_segment("fileid?fields=name");
-        assert!(!encoded.contains('?'));
-        assert!(!encoded.contains('='));
-    }
-
-    #[test]
-    fn test_encode_path_segment_fragment_injection() {
-        let encoded = encode_path_segment("fileid#section");
-        assert!(!encoded.contains('#'));
-    }
-
-    #[test]
-    fn test_encode_path_segment_path_traversal() {
-        // Encoding makes traversal segments harmless
-        let encoded = encode_path_segment("../../etc/passwd");
-        assert!(!encoded.contains('/'));
-        assert!(!encoded.contains(".."));
-    }
-
-    #[test]
-    fn test_encode_path_segment_unicode() {
-        // LLM might pass unicode characters
-        let encoded = encode_path_segment("日本語ID");
-        assert!(!encoded.contains('日'));
-    }
-
-    #[test]
-    fn test_encode_path_segment_spaces() {
-        let encoded = encode_path_segment("my file id");
-        assert!(!encoded.contains(' '));
-    }
-
-    #[test]
-    fn test_encode_path_segment_already_encoded() {
-        // LLM might double-encode by passing pre-encoded values
-        let encoded = encode_path_segment("user%40gmail.com");
-        // The % itself gets encoded to %25, so %40 becomes %2540
-        // This prevents double-encoding issues at the HTTP layer
-        assert!(encoded.contains("%2540"));
-    }
-
-    // -- validate_resource_name -----------------------------------------------
-
-    #[test]
-    fn test_validate_resource_name_valid() {
-        assert!(validate_resource_name("spaces/ABC123").is_ok());
-        assert!(validate_resource_name("subscriptions/my-sub").is_ok());
-        assert!(validate_resource_name("@default").is_ok());
-        assert!(validate_resource_name("projects/p1/topics/t1").is_ok());
-    }
-
-    #[test]
-    fn test_validate_resource_name_traversal() {
-        assert!(validate_resource_name("../../etc/passwd").is_err());
-        assert!(validate_resource_name("spaces/../other").is_err());
-        assert!(validate_resource_name("..").is_err());
-    }
-
-    #[test]
-    fn test_validate_resource_name_control_chars() {
-        assert!(validate_resource_name("spaces/\0bad").is_err());
-        assert!(validate_resource_name("spaces/\nbad").is_err());
-        assert!(validate_resource_name("spaces/\rbad").is_err());
-        assert!(validate_resource_name("spaces/\tbad").is_err());
-    }
-
-    #[test]
-    fn test_validate_resource_name_empty() {
-        assert!(validate_resource_name("").is_err());
-    }
-
-    #[test]
-    fn test_validate_resource_name_query_injection() {
-        // LLMs might append query strings or fragments to resource names
-        assert!(validate_resource_name("spaces/ABC?key=val").is_err());
-        assert!(validate_resource_name("spaces/ABC#fragment").is_err());
-    }
-
-    #[test]
-    fn test_validate_resource_name_error_messages_are_clear() {
-        let err = validate_resource_name("").unwrap_err();
-        assert!(err.to_string().contains("must not be empty"));
-
-        let err = validate_resource_name("../bad").unwrap_err();
-        assert!(err.to_string().contains("path traversal"));
-
-        let err = validate_resource_name("bad\0id").unwrap_err();
-        assert!(err.to_string().contains("invalid characters"));
-    }
-}

src/helpers/workflows.rs

@@ -383,7 +383,7 @@ async fn handle_meeting_prep(matches: &ArgMatches) -> Result<(), GwsError> {
 
     let events_url = format!(
         "https://www.googleapis.com/calendar/v3/calendars/{}/events",
-        crate::helpers::encode_path_segment(calendar_id),
+        crate::validate::encode_path_segment(calendar_id),
     );
     let events_json = get_json(
         &client,
@@ -459,7 +459,7 @@ async fn handle_email_to_task(matches: &ArgMatches) -> Result<(), GwsError> {
     // 1. Fetch the email
     let msg_url = format!(
         "https://gmail.googleapis.com/gmail/v1/users/me/messages/{}",
-        crate::helpers::encode_path_segment(message_id),
+        crate::validate::encode_path_segment(message_id),
     );
     let msg_json = get_json(
         &client,
@@ -495,7 +495,7 @@ async fn handle_email_to_task(matches: &ArgMatches) -> Result<(), GwsError> {
         "notes": format!("From email: {}\n\n{}", message_id, snippet),
     });
 
-    let tasklist = crate::helpers::validate_resource_name(tasklist)?;
+    let tasklist = crate::validate::validate_resource_name(tasklist)?;
     let task_url = format!(
         "https://tasks.googleapis.com/tasks/v1/lists/{}/tasks",
         tasklist,
@@ -628,7 +628,7 @@ async fn handle_file_announce(matches: &ArgMatches) -> Result<(), GwsError> {
     // 1. Fetch file metadata from Drive
     let file_url = format!(
         "https://www.googleapis.com/drive/v3/files/{}",
-        crate::helpers::encode_path_segment(file_id),
+        crate::validate::encode_path_segment(file_id),
     );
     let file_json = get_json(
         &client,
@@ -653,7 +653,7 @@ async fn handle_file_announce(matches: &ArgMatches) -> Result<(), GwsError> {
         .unwrap_or_else(|| format!("📎 {file_name}\n{file_link}"));
 
     let chat_body = json!({ "text": msg_text });
-    let space = crate::helpers::validate_resource_name(space)?;
+    let space = crate::validate::validate_resource_name(space)?;
     let chat_url = format!("https://chat.googleapis.com/v1/{}/messages", space);
 
     let chat_resp = client