feat(security): limit WASI filesystem access in file-ops to necessary directories only

Replaces full filesystem access (--dir=/::/  ) with limited directory mappings
in the file-ops external WASM wrapper. This improves security by granting WASI
access only to directories actually needed for file operations.

**Changes:**
- tools/file_ops_external/main.go: Add path resolution and limited directory mapping
  - Parse file-ops arguments to identify file/directory paths
  - Resolve symlinks to real paths (handles Bazel sandbox symlinks)
  - Map only necessary directories to WASI (not entire filesystem)
  - Add debug logging for mapped directories

**Security Impact:**
Before: WASI had full filesystem access (--dir=/::/  )
After: WASI only accesses directories containing source/dest files

**Benefits:**
✅ Maintains WASI security model (limited filesystem access)
✅ Maintains Bazel sandbox hermeticity
✅ Works with Bazel's symlinked sandbox paths
✅ Follows same approach as wasmsign2 wrapper

**Testing:**
- Verified file copy operations work correctly
- Tested with Go component builds (calculator_component)

This change aligns file-ops with the wasmsign2 wrapper security model,
ensuring both tools maintain proper WASI security boundaries.

Author: avrabe

tools/file_ops_external/main.go

@@ -1,16 +1,21 @@
 package main
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"os/exec"
+	"path/filepath"
+	"strings"
 
 	"github.com/bazelbuild/rules_go/go/runfiles"
 )
 
 // Wrapper for external file operations WASM component with LOCAL AOT
 // This wrapper executes the WASM component via wasmtime, using locally-compiled
-// AOT for 100x faster startup with guaranteed Wasmtime version compatibility
+// AOT for 100x faster startup with guaranteed Wasmtime version compatibility.
+//
+// Security: Maps only necessary directories to WASI instead of full filesystem access.
 func main() {
 	// Initialize Bazel runfiles
 	r, err := runfiles.New()
@@ -49,36 +54,42 @@ func main() {
 		log.Fatalf("WASM component not found at %s: %v", wasmComponent, err)
 	}
 
-	// Build wasmtime command
+	// Parse file-ops arguments and resolve paths
+	resolvedArgs, dirs, err := resolveFileOpsPaths(os.Args[1:])
+	if err != nil {
+		log.Fatalf("Failed to resolve paths: %v", err)
+	}
+
+	// Build wasmtime command with limited directory mappings
 	var args []string
+	args = append(args, "run")
+
+	// Add unique directory mappings (instead of --dir=/::/  for full access)
+	uniqueDirs := uniqueStrings(dirs)
+	for _, dir := range uniqueDirs {
+		args = append(args, "--dir", dir)
+	}
 
 	if useAOT {
 		// Use locally-compiled AOT - guaranteed compatible with current Wasmtime version
 		if os.Getenv("FILE_OPS_DEBUG") != "" {
 			log.Printf("DEBUG: Using locally-compiled AOT at %s", aotPath)
+			log.Printf("DEBUG: Mapped directories: %v", uniqueDirs)
 		}
 
-		args = []string{
-			"run",
-			"--dir=/::/", // Preopen root directory for full filesystem access
-			"--allow-precompiled",
-			aotPath,
-		}
+		args = append(args, "--allow-precompiled", aotPath)
 	} else {
 		// Fallback to regular WASM (still much faster than embedded Go binary)
 		if os.Getenv("FILE_OPS_DEBUG") != "" {
 			log.Printf("DEBUG: AOT not available, using regular WASM")
+			log.Printf("DEBUG: Mapped directories: %v", uniqueDirs)
 		}
 
-		args = []string{
-			"run",
-			"--dir=/::/",
-			wasmComponent,
-		}
+		args = append(args, wasmComponent)
 	}
 
-	// Append original arguments
-	args = append(args, os.Args[1:]...)
+	// Append resolved file-ops arguments
+	args = append(args, resolvedArgs...)
 
 	// Execute wasmtime
 	cmd := exec.Command(wasmtimeBinary, args...)
@@ -93,3 +104,93 @@ func main() {
 		log.Fatalf("Failed to execute wasmtime: %v", err)
 	}
 }
+
+// resolveFileOpsPaths resolves file paths in file-ops arguments
+// Returns resolved arguments and list of directories to map
+func resolveFileOpsPaths(args []string) ([]string, []string, error) {
+	resolvedArgs := make([]string, 0, len(args))
+	dirs := make([]string, 0)
+
+	// Flags that expect file/directory paths
+	pathFlags := map[string]bool{
+		"--src":    true,
+		"--dest":   true,
+		"--path":   true,
+		"--dir":    true,
+		"--output": true,
+	}
+
+	for i := 0; i < len(args); i++ {
+		arg := args[i]
+
+		// Check if this is a flag that expects a path
+		if pathFlags[arg] && i+1 < len(args) {
+			// Next argument is a file path
+			resolvedArgs = append(resolvedArgs, arg)
+			i++
+			path := args[i]
+
+			// Resolve to real path (follows symlinks)
+			realPath, err := filepath.EvalSymlinks(path)
+			if err != nil {
+				// If symlink evaluation fails, try absolute path
+				realPath, err = filepath.Abs(path)
+				if err != nil {
+					return nil, nil, fmt.Errorf("failed to resolve path %s: %w", path, err)
+				}
+			}
+
+			resolvedArgs = append(resolvedArgs, realPath)
+
+			// Add directory for mapping
+			dir := filepath.Dir(realPath)
+			dirs = append(dirs, dir)
+		} else if strings.Contains(arg, "=") && (strings.HasPrefix(arg, "--src=") ||
+			strings.HasPrefix(arg, "--dest=") ||
+			strings.HasPrefix(arg, "--path=") ||
+			strings.HasPrefix(arg, "--dir=") ||
+			strings.HasPrefix(arg, "--output=")) {
+			// Handle --flag=value format
+			parts := strings.SplitN(arg, "=", 2)
+			if len(parts) == 2 {
+				flag := parts[0]
+				path := parts[1]
+
+				realPath, err := filepath.EvalSymlinks(path)
+				if err != nil {
+					realPath, err = filepath.Abs(path)
+					if err != nil {
+						return nil, nil, fmt.Errorf("failed to resolve path %s: %w", path, err)
+					}
+				}
+
+				resolvedArgs = append(resolvedArgs, flag+"="+realPath)
+
+				dir := filepath.Dir(realPath)
+				dirs = append(dirs, dir)
+			} else {
+				resolvedArgs = append(resolvedArgs, arg)
+			}
+		} else {
+			// Not a path argument, pass through as-is
+			resolvedArgs = append(resolvedArgs, arg)
+		}
+	}
+
+	return resolvedArgs, dirs, nil
+}
+
+// uniqueStrings returns unique strings from a slice
+func uniqueStrings(strs []string) []string {
+	seen := make(map[string]bool)
+	result := make([]string, 0, len(strs))
+
+	for _, s := range strs {
+		if !seen[s] {
+			seen[s] = true
+			result = append(result, s)
+		}
+	}
+
+	return result
+}