| author | Peter Stone <thepeterstone@gmail.com> | 2026-01-12 13:18:27 -1000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-01-12 13:18:27 -1000 |
| commit | 325811c369b77b0a6b15bf81463948a10cb1f658 (patch) | |
| tree | d4e8df4470b8c070924f539fb233badd8ed8e30d /internal | |
| parent | 4c03e9cdd204592e5bcd5deb01035ad85904a2b1 (diff) | |
Mitigate path traversal risk in Obsidian scanner

Skip symbolic links during vault traversal to prevent reading files outside the configured vault directory. This prevents potential path traversal attacks via malicious symlinks.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/api/obsidian.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/internal/api/obsidian.go b/internal/api/obsidian.go index a8ba80d..413fdd3 100644 --- a/internal/api/obsidian.go +++ b/internal/api/obsidian.go @@ -51,6 +51,11 @@ func (c *ObsidianClient) GetNotes(ctx context.Context, limit int) ([]models.Note return nil // Skip files we can't access } + // Skip symbolic links to prevent path traversal + if info.Mode()&os.ModeSymlink != 0 { + return nil + } + // Skip directories and non-markdown files if info.IsDir() || !strings.HasSuffix(info.Name(), ".md") { return nil |
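
Review bot: The added guard `info.Mode()&os.ModeSymlink != 0` only fires when `info` was obtained without following links (Lstat semantics), and the hunk does not show where `info` comes from. Please confirm the walker supplies Lstat-style info: a `FileInfo` returned by `os.Stat` never has `os.ModeSymlink` set, so in that case the check would be a silent no-op. The guard also inspects only the entry being visited and does not compare anything against the configured vault directory, so a vault root that is itself a link is not covered by these lines. Consider additionally resolving the path with `filepath.EvalSymlinks` and verifying the result stays under the resolved vault root before reading. The diffstat shows only `internal/api/obsidian.go` changed, so a test that creates a temporary vault containing a symlink to a `.md` file outside it and asserts `GetNotes` does not return that note would lock the behaviour in. Since `return nil` drops the entry silently, a debug-level log line (if a logger is available here) would help operators notice planted links.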
