
Fix isPathTraversal method to be less strict #5865

Draft
christopherholland-workday wants to merge 1 commit into main from path-traversal-util-fix

@christopherholland-workday christopherholland-workday commented Feb 27, 2026

Related to #5861 and #5326.

Relax isPathTraversal to allow absolute Unix paths in Linux containers

The previous implementation of isPathTraversal blocked any path containing / or \, which prevented legitimate absolute paths (e.g. /data/vectorstore) from being used in the Folder document loader node. This caused false positives for users running Flowise in Docker containers with mounted volumes.

What changed

  1. Replaced simple string .includes() checks with regex patterns for more precise matching
  2. Removed the blanket / and \ blocks — absolute Unix paths like /data/uploads now pass validation
  3. Windows absolute paths (C:), UNC paths (\server), and extended-length paths are still blocked as they are not valid in Linux container environments
  4. Added null byte detection (\0, %00) which was missing from the original
  5. URL-encoded variants (%2e%2e, %2f, %5c) are still blocked

Security rationale

The function is called in four places. Three of them validate UUID inputs first — a valid UUID can never contain dangerous characters, so the change has no security impact there. The only meaningful call site is Folder.ts, where the path is passed to LangChain's DirectoryLoader. In a containerized deployment, filesystem access is already constrained by Docker volume mounts, so allowing absolute paths shifts the boundary to the OS level (correct) rather than the string validator (too restrictive).

Directory traversal (..) and all encoded equivalents remain blocked.

Unit tests

  1. Added missing unit tests for isPathTraversal function

Manual Testing

  1. Locally recreated issue from Upsert error - Help!! #5326
  2. Made code changes and retried, successfully loaded the files and printed their contents:

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the isPathTraversal validation logic to be less restrictive for legitimate use cases, specifically allowing absolute Unix paths within Linux container deployments. The changes aim to prevent false positives that previously blocked valid file access, while simultaneously bolstering security by introducing more robust pattern matching using regular expressions and adding null byte detection. This ensures that users can leverage mounted volumes in Docker without encountering unnecessary validation errors, all while maintaining protection against malicious path traversal attempts.

Highlights

  • Path Validation Relaxation: Relaxed the isPathTraversal method to permit absolute Unix paths (e.g., /data/uploads) in Linux container environments, resolving false positives for legitimate file access.
  • Improved Pattern Matching: Transitioned from simple string includes() checks to more precise regular expression patterns for detecting dangerous path components, enhancing accuracy and flexibility.
  • Enhanced Security Checks: Introduced detection for null bytes (\0, %00) to bolster security against potential injection attacks, which was previously missing.
  • Consistent Blocking: Maintained blocking of critical directory traversal patterns (..), URL-encoded equivalents, Windows absolute paths (C:\), and UNC paths (\\server\share) to prevent known vulnerabilities.
  • New Unit Tests: Added comprehensive unit tests for the isPathTraversal function, covering a wide range of dangerous and safe path inputs to ensure correct behavior.
Changelog
  • packages/components/src/validator.ts
    • Modified the isPathTraversal function to replace string includes checks with regular expression pattern matching.
    • Updated the dangerousPatterns array to include regexes for directory traversal (..), URL encoded variants, null bytes, Windows absolute paths, and UNC paths.
    • Removed blanket blocking of / and \ characters, allowing valid absolute Unix paths to pass validation.
  • packages/components/test/validator.test.ts
    • Added a new test suite specifically for the isPathTraversal function.
    • Included parameterized tests to verify that various dangerous patterns correctly return true.
    • Included parameterized tests to verify that safe inputs, including absolute Unix paths and simple filenames, correctly return false.
Activity
  • Recreated a reported issue locally where isPathTraversal incorrectly blocked legitimate paths in a Docker environment, as detailed in a GitHub discussion.
  • Confirmed the fix by successfully loading files after applying the code changes, resolving the previously encountered error and validating the new logic.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request relaxes the isPathTraversal validation to allow absolute Unix paths, which is useful for Dockerized environments, and updates the implementation to use regular expressions with new unit tests. However, this change significantly increases the attack surface by allowing users to specify arbitrary system directories if the validated path is used in file system operations, potentially leading to Local File Inclusion (LFI) and unauthorized access. A more secure approach would be to restrict access to a whitelist of allowed base directories, similar to validateVectorStorePath. Additionally, a potential path traversal vulnerability was identified due to incomplete handling of mixed-encoded characters for parent directory sequences, which could bypass current validation. Otherwise, the changes are well-structured and the new tests are comprehensive.

Comment on lines 34 to 49
export const isPathTraversal = (path: string): boolean => {
// Check for common path traversal patterns
// Allow absolute paths in Linux containers (e.g., /data/...)
// but block directory traversal attempts and other dangerous patterns
const dangerousPatterns = [
'..', // Directory traversal
'/', // Root directory
'\\', // Windows root directory
'%2e', // URL encoded .
'%2f', // URL encoded /
'%5c' // URL encoded \
/\.\./, // Directory traversal (..)
/%2e%2e/i, // URL encoded ..
/%2f/i, // URL encoded /
/%5c/i, // URL encoded \ (Windows path)
/\0/, // Null bytes
/^[a-zA-Z]:\\/, // Windows absolute paths (C:\) - not allowed in Linux containers
/^\\\\[^\\]/, // UNC paths (\\server\) - not allowed in Linux containers
/%00/i // URL encoded null byte
]

return dangerousPatterns.some((pattern) => path.toLowerCase().includes(pattern))
return dangerousPatterns.some((pattern) => pattern.test(path))
}
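Review bot: Replacing the `'%2e'` entry with `/%2e%2e/i` in dangerousPatterns narrows what is caught. The old list flagged any single encoded dot, while the new one only matches a fully encoded pair, so `.%2e` and `%2e.` no longer match any pattern. Keep a `/%2e/i` entry, or normalise `%2e` to `.` before the `/\.\./` test. Separately, `/\.\./` is unanchored, so a name such as `notes..txt` is reported as traversal; matching `..` only as a whole path segment would avoid that. The comment block above the array should also say explicitly that the `'/'` and `'\\'` entries were dropped and that containment is now the caller's responsibility.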

security-high high

The relaxation of the isPathTraversal function to allow absolute Unix paths introduces a significant security risk. If used with user-provided paths in file operations, an attacker could specify arbitrary system directories (e.g., /etc, /var, /root) to read sensitive files, leading to Local File Inclusion (LFI) and unauthorized access. Additionally, the current implementation is vulnerable to path traversal attacks using mixed-encoding, such as .%2e/, which decodes to ../. The check for .. only looks for .. literally or fully encoded as %2e%2e, missing mixed cases like .%2e or %2e.. The regex /^[a-zA-Z]:\\/ for blocking Windows paths also has limitations, as it doesn't account for leading whitespace or forward slashes (e.g., C:\ or C:/). To make the validation more robust against mixed-encoding bypasses, consider normalizing %2e to . before checking for ...

export const isPathTraversal = (path: string): boolean => {
    // Check for directory traversal by decoding `%2e` to `.` first.
    // This catches `..`, `.%2e`, `%2e.`, and `%2e%2e`.
    if (/\.\./.test(path.replace(/%2e/ig, '.'))) {
        return true;
    }

    // Allow absolute paths in Linux containers (e.g., /data/...)
    // but block other dangerous patterns.
    const dangerousPatterns = [
        /%2f/i, // URL encoded /
        /%5c/i, // URL encoded \ (Windows path)
        /\0/, // Null bytes
        /^[a-zA-Z]:\\/, // Windows absolute paths (C:\) - not allowed in Linux containers
        /^\\\\[^\\]/, // UNC paths (\\server\) - not allowed in Linux containers
        /%00/i // URL encoded null byte
    ]

    return dangerousPatterns.some((pattern) => pattern.test(path))
}
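
The allowlist approach the review recommends, set beside the PR's denylist, as an added example that is not part of the pull request or of either participant's comment. `resolveInsideAllowedBase` and the `ALLOWED_BASES` values are hypothetical; the regexes are copied from the diff above.

```typescript
import * as path from 'node:path'

// Denylist patterns as proposed in the PR diff quoted on this page.
const prPatterns: RegExp[] = [
    /\.\./, /%2e%2e/i, /%2f/i, /%5c/i, /\0/, /^[a-zA-Z]:\\/, /^\\\\[^\\]/, /%00/i
]
const isPathTraversalPr = (p: string): boolean => prPatterns.some((re) => re.test(p))

// Hypothetical allowlist: the container's mounted volumes (assumed values).
const ALLOWED_BASES: string[] = ['/data/vectorstore', '/data/uploads']

// Hypothetical helper: returns the normalized path if it lies inside an
// allowed base directory, otherwise null. Fails closed on anything ambiguous.
const resolveInsideAllowedBase = (input: string, bases: string[] = ALLOWED_BASES): string | null => {
    // Reject NUL bytes, backslashes and any percent-escape instead of guessing
    // how many decoding passes a later layer might apply.
    if (input.includes('\0') || input.includes('\\') || /%[0-9a-f]{2}/i.test(input)) return null
    if (!path.posix.isAbsolute(input)) return null

    // Collapse "." and ".." segments lexically; the result has no trailing slash.
    const resolved = path.posix.resolve(input)

    // Compare on a segment boundary so /data/uploads-old does not match /data/uploads.
    const inside = bases.some((base) => resolved === base || resolved.startsWith(base + '/'))
    return inside ? resolved : null
}

// Constructed sample inputs, run through both checks.
const samples = ['/data/vectorstore/index', '/etc', '.%2e/', '/data/uploads/../../etc', '/data/uploads-old/x']
for (const s of samples) {
    console.log(JSON.stringify(s), 'denylist flags:', isPathTraversalPr(s), 'allowlist result:', resolveInsideAllowedBase(s))
}
```

The containment check is lexical only: a symlink inside an allowed base can still point elsewhere, so a caller touching the real filesystem should compare the `fs.realpath` result against the bases as well.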
