🛡️ Sentinel: [CRITICAL] Fix Path validation bypass in SafeStaticFiles#83
🛡️ Sentinel: [CRITICAL] Fix Path validation bypass in SafeStaticFiles#83socialawy-dev wants to merge 1 commit into
Conversation
Co-authored-by: socialawy <24765060+socialawy@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request fixes an AttributeError in the SafeStaticFiles class by ensuring path normalization occurs on a string before Path instantiation and adds a corresponding entry to the security sentinel log. Feedback identifies a potential security bypass in the sensitive file check, noting that the current implementation only validates the filename and not the directory components. It is suggested to use a more robust check across all path parts to prevent access to directories starting with sensitive prefixes like .env.
| p = Path(str(path).lower()) | ||
| if "00_config" in p.parts or p.name.startswith(".env") or ".git" in p.parts: | ||
| raise HTTPException( | ||
| status_code=403, detail="Access denied to sensitive resource" | ||
| ) |
There was a problem hiding this comment.
The current validation logic for .env files only checks the leaf component of the path (p.name). This allows a security bypass where an attacker can access files inside a directory that starts with .env (e.g., .env/config or .env.secrets/credentials), as p.name would be the filename inside the directory rather than the forbidden directory itself.
Additionally, str(path) is redundant since path is already typed as a string in the method signature. Using any() with p.parts provides a more robust and readable check for all forbidden components at any level of the path.
| p = Path(str(path).lower()) | |
| if "00_config" in p.parts or p.name.startswith(".env") or ".git" in p.parts: | |
| raise HTTPException( | |
| status_code=403, detail="Access denied to sensitive resource" | |
| ) | |
| p = Path(path.lower()) | |
| if any(part in ("00_config", ".git") or part.startswith(".env") for part in p.parts): | |
| raise HTTPException( | |
| status_code=403, detail="Access denied to sensitive resource" | |
| ) |
socialawy
deleted the
sentinel-safestaticfiles-path-fix-11890143067958007003
branch
Understood. Acknowledging that this work is a duplicate of #90 and the fix has already been merged. Stopping work on this task. |
2 participants
🚨 Severity: CRITICAL
💡 Vulnerability: SafeStaticFiles calls
.lower()on aPathobject, causing anAttributeError. This breaks the static file serving and potentially bypasses security validations leading to a 500 error instead of failing securely.🎯 Impact: Attackers could cause Denial of Service by sending malformed paths, and security validations could crash, bypassing intended directory restrictions or leaking stack traces.
🔧 Fix: Normalized the path string to lowercase before instantiating the
Pathobject (Path(str(path).lower())) and wrapped the validation in atry...exceptblock to fail securely with a 400 Bad Request on malformed inputs.✅ Verification: Ran
uv run pytest tests/to ensure tests pass and the server can properly serve allowed static files while blocking sensitive files.PR created automatically by Jules for task 11890143067958007003 started by @socialawy