fix: prevent path traversal in file tree and preview APIs #16
+221
−15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
op7418
requested changes
Feb 8, 2026
Owner
op7418
left a comment
op7418
left a comment
There was a problem hiding this comment.
Review: 需要修改后合并
安全修复方向正确,isPathSafe 逻辑修复有价值。但有两个问题需要解决:
1. 无 baseDir 时跳过校验(严重)
/api/files/route.ts 没有 baseDir 参数时完全不做校验(没有 else 分支),旧版前端调用时仍然没有路径校验。与 /api/files/preview 的 fallback 到 home 目录策略不一致。
建议:无 baseDir 时 fallback 到 os.homedir(),与 preview API 保持一致。
2. baseDir 来自客户端可被伪造(中等)
baseDir 通过 URL 查询参数传入,攻击者可设置 baseDir=/ 绕过所有限制。
建议:如果要做安全修复就应做彻底。理想情况下 baseDir 应从服务端 session 获取。至少应添加白名单校验(如限制在 home 目录子路径下)。
3. 测试清理(轻微)
it('cleanup test fixtures', ...) 应用 afterAll() hook 代替。
代码质量和测试覆盖都很好,修复上述问题后即可合并。
The file tree API (/api/files) and file preview API (/api/files/preview) had ineffective path safety checks that could allow reading arbitrary files on the host system. Issues fixed: - /api/files: isPathSafe(resolvedDir, resolvedDir) always returns true since it compares the directory against itself - /api/files/preview: isPathSafe(dirname, filePath) always returns true since a file is always inside its own parent directory Changes: - Add baseDir parameter to both APIs so the frontend can pass the session's working directory as a trust boundary - When baseDir is provided, validate that the requested path is within it - For /api/files/preview without baseDir, fall back to restricting access to the user's home directory (prevents /etc/passwd etc.) - Add comprehensive unit tests covering path traversal, prefix attacks, symlink escapes, and edge cases (13 tests, all passing) Security: This is a defense-in-depth measure. CodePilot runs locally so the attack surface is limited, but proper validation prevents accidental exposure when the dev server is bound to non-localhost interfaces.
… afterAll Address all 3 points from @op7418's review: 1. No baseDir fallback (severe): Both /api/files and /api/files/preview now fall back to os.homedir() when no baseDir is provided, preventing access to arbitrary system directories/files. 2. baseDir bypass via baseDir=/ (medium): Both APIs now validate that baseDir itself is within the user's home directory. Setting baseDir=/ will be rejected with 403. 3. Test cleanup (minor): Replaced 'it(cleanup...)' with proper after() hook. Added 6 new tests for baseDir validation (18 total, all pass).
liuxiaopai-ai
force-pushed
the
fix/file-api-path-traversal
branch
from
b9134bb to
0f05e4f
Compare
Contributor
Author
|
已按 review 修改并 rebase 到最新 main: 修改内容:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The file tree API (
/api/files) and file preview API (/api/files/preview) have ineffective path safety checks that could allow reading arbitrary files on the host system.Problem
/api/files(file tree)/api/files/preview(file preview)This means requests like
GET /api/files/preview?path=/etc/passwdwill succeed and return the file contents.Fix
baseDirquery parameter to both APIs. The frontend can pass the session'sworkingDirectoryas the trust boundary.baseDiris provided, the requested path is validated to be within it using the existingisPathSafe()function./api/files/previewwithoutbaseDir, falls back to restricting access to the user's home directory (prevents reading system files like/etc/passwd).baseDircontinue to work, with the home directory fallback providing a reasonable safety net.Security Note
CodePilot runs locally so the attack surface is limited, but proper validation prevents accidental exposure when the dev server is bound to non-localhost interfaces or accessed via browser extensions.
Tests
Added 13 unit tests (
src/__tests__/unit/files-security.test.ts) covering:../(blocked)/projectvs/project-evil) (blocked)/etc/passwd) (blocked)All 13 tests pass:
Run with:
npx tsx --test src/__tests__/unit/files-security.test.ts