.Net: Harden CloudDrivePlugin defaults and add path validation (#13958)

### Description

- Improve default settings in CloudDrivePlugin
- Add path validation for share-link operations
- Improve path canonicalization
- Add regression tests

### Contribution Checklist

- [x] The code builds clean without any errors or warnings
- [x] The PR follows the [SK Contribution
Guidelines](https://github.com/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md)
- [x] The existing tests pass
- [x] New tests added

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: SergeyMenshykh

dotnet/src/Plugins/Plugins.MsGraph/CloudDrivePlugin.cs

@@ -18,19 +18,25 @@ namespace Microsoft.SemanticKernel.Plugins.MsGraph;
 /// </summary>
 /// <remarks>
 /// <para>
-/// This plugin is secure by default. <see cref="AllowedUploadDirectories"/> must be explicitly configured
-/// before any file upload operations are permitted. By default, all local file paths are denied.
+/// This plugin is secure by default. <see cref="AllowedUploadDirectories"/>, <see cref="AllowedUploadDestinationPaths"/>,
+/// <see cref="AllowedReadPaths"/>, and <see cref="AllowedSharePaths"/> must be explicitly configured
+/// before file upload, read, or share-link operations are permitted.
+/// By default, all paths are denied.
 /// </para>
 /// <para>
 /// When exposing this plugin to an LLM via auto function calling, ensure that
-/// <see cref="AllowedUploadDirectories"/> is restricted to trusted values only.
+/// <see cref="AllowedUploadDirectories"/>, <see cref="AllowedUploadDestinationPaths"/>, <see cref="AllowedReadPaths"/>,
+/// and <see cref="AllowedSharePaths"/> are restricted to trusted values only.
 /// </para>
 /// </remarks>
 public sealed class CloudDrivePlugin
 {
     private readonly ICloudDriveConnector _connector;
     private readonly ILogger _logger;
     private HashSet<string> _allowedUploadDirectories = [];
+    private HashSet<string> _allowedSharePaths = [];
+    private HashSet<string> _allowedReadPaths = [];
+    private HashSet<string> _allowedUploadDestinationPaths = [];
 
     /// <summary>
     /// Initializes a new instance of the <see cref="CloudDrivePlugin"/> class.
@@ -59,6 +65,57 @@ public IEnumerable<string> AllowedUploadDirectories
         set => this._allowedUploadDirectories = value is null ? [] : new HashSet<string>(value, StringComparer.OrdinalIgnoreCase);
     }
 
+    /// <summary>
+    /// List of allowed remote directory prefixes for which sharing links may be created.
+    /// A file is permitted if its parent directory starts with (or equals) any entry in this list.
+    /// Subdirectories of allowed paths are also permitted.
+    /// </summary>
+    /// <remarks>
+    /// Defaults to an empty collection (no paths allowed). Must be explicitly populated
+    /// with trusted remote directory paths before any share-link operations will succeed.
+    /// Paths are normalized with forward slashes and dot-segments are collapsed before comparison.
+    /// Matching is case-insensitive (OneDrive paths are case-insensitive).
+    /// </remarks>
+    public IEnumerable<string> AllowedSharePaths
+    {
+        get => this._allowedSharePaths;
+        set => this._allowedSharePaths = value is null ? [] : new HashSet<string>(value, StringComparer.OrdinalIgnoreCase);
+    }
+
+    /// <summary>
+    /// List of allowed remote directory prefixes from which file contents may be read.
+    /// A file is permitted if its parent directory starts with (or equals) any entry in this list.
+    /// Subdirectories of allowed paths are also permitted.
+    /// </summary>
+    /// <remarks>
+    /// Defaults to an empty collection (no paths allowed). Must be explicitly populated
+    /// with trusted remote directory paths before any read operations will succeed.
+    /// Paths are normalized with forward slashes and dot-segments are collapsed before comparison.
+    /// Matching is case-insensitive (OneDrive paths are case-insensitive).
+    /// </remarks>
+    public IEnumerable<string> AllowedReadPaths
+    {
+        get => this._allowedReadPaths;
+        set => this._allowedReadPaths = value is null ? [] : new HashSet<string>(value, StringComparer.OrdinalIgnoreCase);
+    }
+
+    /// <summary>
+    /// List of allowed remote directory prefixes to which files may be uploaded.
+    /// A destination is permitted if its parent directory starts with (or equals) any entry in this list.
+    /// Subdirectories of allowed paths are also permitted.
+    /// </summary>
+    /// <remarks>
+    /// Defaults to an empty collection (no paths allowed). Must be explicitly populated
+    /// with trusted remote directory paths before any upload-destination operations will succeed.
+    /// Paths are normalized with forward slashes and dot-segments are collapsed before comparison.
+    /// Matching is case-insensitive (OneDrive paths are case-insensitive).
+    /// </remarks>
+    public IEnumerable<string> AllowedUploadDestinationPaths
+    {
+        get => this._allowedUploadDestinationPaths;
+        set => this._allowedUploadDestinationPaths = value is null ? [] : new HashSet<string>(value, StringComparer.OrdinalIgnoreCase);
+    }
+
     /// <summary>
     /// Get the contents of a file stored in a cloud drive.
     /// </summary>
@@ -71,6 +128,14 @@ public IEnumerable<string> AllowedUploadDirectories
         CancellationToken cancellationToken = default)
     {
         this._logger.LogDebug("Getting file content for '{0}'", filePath);
+
+        Ensure.NotNullOrWhitespace(filePath, nameof(filePath));
+
+        if (!this.IsAllowedRemotePath(filePath, this._allowedReadPaths))
+        {
+            throw new InvalidOperationException("Reading from the provided path is not allowed. Configure 'AllowedReadPaths' with trusted remote paths to enable reading.");
+        }
+
         Stream? fileContentStream = await this._connector.GetFileContentStreamAsync(filePath, cancellationToken).ConfigureAwait(false);
 
         if (fileContentStream is null)
@@ -104,9 +169,14 @@ public async Task UploadFileAsync(
             throw new ArgumentException("Variable was null or whitespace", nameof(destinationPath));
         }
 
+        if (!this.IsAllowedRemotePath(destinationPath, this._allowedUploadDestinationPaths))
+        {
+            throw new InvalidOperationException("Uploading to the provided remote destination is not allowed. Configure 'AllowedUploadDestinationPaths' with trusted remote paths to enable uploads.");
+        }
+
         Ensure.NotNullOrWhitespace(filePath, nameof(filePath));
 
-        var canonicalPath = Path.GetFullPath(Environment.ExpandEnvironmentVariables(filePath));
+        var canonicalPath = CanonicalizePath(filePath);
 
         if (!this.IsUploadPathAllowed(canonicalPath))
         {
@@ -131,8 +201,15 @@ public async Task<string> CreateLinkAsync(
         CancellationToken cancellationToken = default)
     {
         this._logger.LogDebug("Creating link for '{0}'", filePath);
-        const string Type = "view"; // TODO expose this as an SK variable
-        const string Scope = "anonymous"; // TODO expose this as an SK variable
+        const string Type = "view";
+        const string Scope = "organization";
+
+        Ensure.NotNullOrWhitespace(filePath, nameof(filePath));
+
+        if (!this.IsAllowedRemotePath(filePath, this._allowedSharePaths))
+        {
+            throw new InvalidOperationException("Creating a share link for the provided path is not allowed. Configure 'AllowedSharePaths' with trusted remote paths to enable sharing.");
+        }
 
         return await this._connector.CreateShareLinkAsync(filePath, Type, Scope, cancellationToken).ConfigureAwait(false);
     }
@@ -145,33 +222,123 @@ public async Task<string> CreateLinkAsync(
             : StringComparison.Ordinal;
 
     /// <summary>
-    /// If a list of allowed upload directories has been provided, the directory of the provided filePath is checked
-    /// to verify it is in the allowed directory list. Paths are canonicalized before comparison.
-    /// Subdirectories of allowed directories are also permitted.
+    /// Checks whether the provided remote path falls within one of the allowed remote directory prefixes.
+    /// Paths are normalized with forward slashes, dot-segments are collapsed,
+    /// and compared case-insensitively (OneDrive paths are case-insensitive).
+    /// Subdirectories of allowed paths are permitted.
     /// </summary>
-    private bool IsUploadPathAllowed(string path)
+    private bool IsAllowedRemotePath(string path, HashSet<string> allowedPaths)
     {
         Ensure.NotNullOrWhitespace(path, nameof(path));
 
-        if (path.StartsWith("\\\\", StringComparison.OrdinalIgnoreCase))
+        if (allowedPaths.Count == 0)
+        {
+            return false;
+        }
+
+        // Normalize to forward slashes and collapse dot-segments to prevent traversal bypass.
+        var normalizedPath = NormalizeRemotePath(path);
+
+        foreach (var allowedPath in allowedPaths)
+        {
+            var normalizedAllowed = NormalizeRemotePath(allowedPath);
+            if (!normalizedAllowed.EndsWith("/", StringComparison.Ordinal))
+            {
+                normalizedAllowed += "/";
+            }
+
+            var normalizedDir = normalizedPath;
+            int lastSlash = normalizedDir.LastIndexOf('/');
+            if (lastSlash >= 0)
+            {
+                normalizedDir = normalizedDir.Substring(0, lastSlash);
+            }
+
+            if ((normalizedDir + "/").StartsWith(normalizedAllowed, StringComparison.OrdinalIgnoreCase)
+                || (normalizedDir + "/").Equals(normalizedAllowed, StringComparison.OrdinalIgnoreCase))
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /// <summary>
+    /// Normalizes a remote path by replacing backslashes with forward slashes
+    /// and collapsing "." and ".." segments to prevent traversal bypass.
+    /// </summary>
+    private static string NormalizeRemotePath(string path)
+    {
+        var normalizedPath = path.Replace('\\', '/');
+
+        // Collapse ".." and "." segments to prevent traversal bypass.
+        var segments = normalizedPath.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
+        var stack = new List<string>();
+        foreach (var segment in segments)
+        {
+            if (segment == ".." && stack.Count > 0)
+            {
+                stack.RemoveAt(stack.Count - 1);
+            }
+            else if (segment != "." && segment != "..")
+            {
+                stack.Add(segment);
+            }
+        }
+
+        return "/" + string.Join("/", stack);
+    }
+
+    /// <summary>
+    /// Expands environment variables and resolves the path to its canonical form.
+    /// This must be called before validation to prevent validate/use mismatches.
+    /// </summary>
+    private static string CanonicalizePath(string path)
+    {
+        Ensure.NotNullOrWhitespace(path, nameof(path));
+
+        if (path.StartsWith("\\\\", StringComparison.OrdinalIgnoreCase) ||
+            path.StartsWith("//", StringComparison.OrdinalIgnoreCase))
         {
             throw new ArgumentException("Invalid file path, UNC paths are not supported.", nameof(path));
         }
 
-        string? directoryPath = Path.GetDirectoryName(path);
+        // Expand environment variables first, then canonicalize — so that
+        // validation and I/O operate on the same resolved path.
+        var expanded = Environment.ExpandEnvironmentVariables(path);
+
+        // Re-check after expansion: an env var could have expanded to a UNC
+        // or extended-path prefix (e.g., %NETSHARE% → \\server\share).
+        if (expanded.StartsWith("\\\\", StringComparison.OrdinalIgnoreCase) ||
+            expanded.StartsWith("//", StringComparison.OrdinalIgnoreCase))
+        {
+            throw new ArgumentException("Invalid file path, UNC paths are not supported.", nameof(path));
+        }
+
+        return Path.GetFullPath(expanded);
+    }
+
+    /// <summary>
+    /// Checks whether a canonicalized file path falls within one of the allowed upload directories.
+    /// Subdirectories of allowed directories are also permitted.
+    /// </summary>
+    private bool IsUploadPathAllowed(string canonicalPath)
+    {
+        Ensure.NotNullOrWhitespace(canonicalPath, nameof(canonicalPath));
+
+        string? directoryPath = Path.GetDirectoryName(canonicalPath);
 
         if (string.IsNullOrEmpty(directoryPath))
         {
-            throw new ArgumentException("Invalid file path, a fully qualified file location must be specified.", nameof(path));
+            throw new ArgumentException("Invalid file path, a fully qualified file location must be specified.", nameof(canonicalPath));
         }
 
         if (this._allowedUploadDirectories.Count == 0)
         {
             return false;
         }
 
-        var canonicalDir = Path.GetFullPath(directoryPath);
-
         foreach (var allowedDirectory in this._allowedUploadDirectories)
         {
             var canonicalAllowed = Path.GetFullPath(allowedDirectory);
@@ -181,8 +348,8 @@ private bool IsUploadPathAllowed(string path)
                 canonicalAllowed += separator;
             }
 
-            if (canonicalDir.StartsWith(canonicalAllowed, s_pathComparison)
-                || (canonicalDir + separator).Equals(canonicalAllowed, s_pathComparison))
+            if (directoryPath.StartsWith(canonicalAllowed, s_pathComparison)
+                || (directoryPath + separator).Equals(canonicalAllowed, s_pathComparison))
             {
                 return true;
             }

dotnet/src/Plugins/Plugins.MsGraph/Connectors/OneDriveConnector.cs

@@ -114,7 +114,7 @@ public async Task UploadSmallFileAsync(string filePath, string destinationPath,
     }
 
     /// <inheritdoc/>
-    public async Task<string> CreateShareLinkAsync(string filePath, string type = "view", string scope = "anonymous",
+    public async Task<string> CreateShareLinkAsync(string filePath, string type = "view", string scope = "organization",
         CancellationToken cancellationToken = default)
     {
         Ensure.NotNullOrWhitespace(filePath, nameof(filePath));

dotnet/src/Plugins/Plugins.MsGraph/ICloudDriveConnector.cs

@@ -19,7 +19,7 @@ public interface ICloudDriveConnector
     /// <param name="scope">Scope of the link.</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> to monitor for cancellation requests. The default is <see cref="CancellationToken.None"/>.</param>
     /// <returns>Shareable link.</returns>
-    Task<string> CreateShareLinkAsync(string filePath, string type = "view", string scope = "anonymous", CancellationToken cancellationToken = default);
+    Task<string> CreateShareLinkAsync(string filePath, string type = "view", string scope = "organization", CancellationToken cancellationToken = default);
 
     /// <summary>
     /// Get the content of a file.