Fix: Windows Security Vulnerability and Test Failures

[Tahir-yamin]

Description

This issue tracks critical fixes for Windows support and test reliability:

1. Security Vulnerability: tools/src/aden_tools/.../security.py allows sandbox escape on Windows because lstrip(os.sep) fails to remove the leading slash from absolute paths like /etc/passwd when os.sep is \.
2. Test Failure: test_credentials.py fails on fresh installs because it expects optional API keys (Anthropic) to be required.
3. Windows Compatibility: test_file_system_toolkits.py fails on Windows because it attempts to run Unix commands like ls and tr.

Proposed Solution

• Patch security.py to strip both \ and /.
• Update test_credentials.py to assert correct optional behavior.
• Mock subprocess.run in tests to be OS-agnostic.

Assignee

@Tahir-yamin

[mishrapravin114]

@Tahir-yamin Please avoid reporting security vulnerabilities publicly here. Kindly share them via email or follow the repository’s security disclosure process instead.

[Tahir-yamin]

@mishrapravin114 Thank you for the heads-up. I'll follow the security disclosure process for vulnerabilities in the future. I've already shared the fix in PR #1424. Could you @TimothyZhang7 please assign this issue to me @Tahir-yamin so I can reopen the PR and meet the bot requirements?

[Tahir-yamin]

@TimothyZhang7 @mishrapravin114 Just checking in on this. I've prepared the fix in PR #1424. Could you please assign this to me so I can reopen the PR?