Skip to content

🛡️ Sentinel: [HIGH] Fix path traversal in path normalization#296

Open
bashandbone wants to merge 1 commit into
mainfrom
sentinel/fix-ts-extractor-path-traversal-10230978156132911460
Open

🛡️ Sentinel: [HIGH] Fix path traversal in path normalization#296
bashandbone wants to merge 1 commit into
mainfrom
sentinel/fix-ts-extractor-path-traversal-10230978156132911460

Conversation

@bashandbone

@bashandbone bashandbone commented Jun 7, 2026
edited by sourcery-ai Bot
Loading

Copy link
Copy Markdown
Contributor

🚨 Severity: HIGH
💡 Vulnerability: The custom path normalization loop in the TypeScriptDependencyExtractor would inadvertently pop RootDir (e.g. /) or Prefix (e.g. C:\) from the underlying path buffer when given .. (std::path::Component::ParentDir). This could allow an attacker or malicious repository to specify module imports that traverse completely outside the intended project constraints.
🎯 Impact: This allowed unauthorized path traversal across system boundaries by circumventing root limitations through maliciously formatted ../ statements, resulting in potentially unintended system file resolutions and extraction leaks.
🔧 Fix: Updated the std::path::Component::ParentDir matching logic to match against components.last(), explicitly guarding against popping RootDir and Prefix while accumulating relative parent directors properly.
✅ Verification: Ensure tests pass via cargo test -p thread-flow and note that test_path.rs was removed to not pollute git history.

PR created automatically by Jules for task 10230978156132911460 started by @bashandbone

Summary by Sourcery

Guard TypeScript dependency path normalization against escaping project roots via parent-directory components and perform minor code cleanups and documentation updates.

Bug Fixes:

  • Prevent path traversal in TypeScript dependency resolution by stopping ParentDir components from popping root or prefix path segments.

Enhancements:

  • Simplify rule engine helper function signatures and adjust minor formatting for better readability.

Documentation:

  • Document the path traversal incident and prevention guidance in .jules/sentinel.md.

@google-labs-jules @bashandbone
🛡️ Sentinel: [HIGH] Fix path traversal in path normalization
f9198e5 
Fixes a path traversal vulnerability in `TypeScriptDependencyExtractor` where malicious or malformed import paths containing `..` (`ParentDir`) components could inadvertently bypass directory boundaries by popping root or prefix path components due to an indiscriminate `components.pop()` implementation. The path normalization logic is now defensive and explicitly preserves root and prefix constraints.

Co-authored-by: bashandbone <89049923+bashandbone@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 7, 2026 18:05
@google-labs-jules

google-labs-jules Bot commented Jun 7, 2026

Copy link
Copy Markdown
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@sourcery-ai

sourcery-ai Bot commented Jun 7, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Fixes a high-severity path traversal bug in the TypeScript dependency extractor’s custom path normalization by guarding against popping root/prefix components, along with minor refactors/formatting and documentation updates in rule/AST engine code and the security sentinel log.

File-Level Changes

Change Details Files
Harden path normalization in TypeScriptDependencyExtractor to prevent path traversal beyond root/prefix while correctly handling ParentDir components.
  • Replaced blind pop on ParentDir with a match on components.last() to distinguish RootDir, Prefix, Normal, and other components.
  • Prevented ParentDir from removing RootDir or Prefix components by no-oping in those cases.
  • Allowed ParentDir to pop only Normal components and otherwise be pushed when there is no poppable component, preserving leading ParentDir segments.
  • Kept CurDir as a no-op and continued pushing all other components.
 crates/flow/src/incremental/extractors/typescript.rs
Performed small refactors and formatting cleanups in AST and rule engine modules to improve code clarity and lifetime usage.
  • Simplified String::from_utf8 error handling into a single chained expression without changing behavior.
  • Reformatted a long assertion in tree_sitter tests across multiple lines for readability.
  • Removed unnecessary explicit lifetimes from check_var_in_constraints and check_var_in_transform and adjusted argument types to references without named lifetimes.
  • Reformatted Rule::Pattern defined_vars() mapping across multiple lines for readability.
  • Simplified read() in referent_rule Registration by collapsing method chaining into a single expression while preserving behavior.
 crates/ast-engine/src/tree_sitter/mod.rs
crates/rule-engine/src/check_var.rs
crates/rule-engine/src/rule/mod.rs
crates/rule-engine/src/rule/referent_rule.rs
Added a Sentinel security incident note documenting the path traversal vulnerability, its cause, and prevention guidance.
  • Created sentinel markdown entry describing the path traversal issue in path normalization, lessons learned, and future prevention guidance.
 .jules/sentinel.md
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai Bot reviewed Jun 7, 2026
View reviewed changes

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Copilot AI reviewed Jun 7, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to remediate a high-severity path normalization/path traversal issue in the TypeScript dependency extractor by preventing .. (Component::ParentDir) handling from popping past filesystem roots/prefixes, and includes a few small formatting/signature cleanups plus an incident note in .jules.

Changes:

  • Harden manual path normalization in TypeScriptDependencyExtractor::resolve_module_path to avoid popping RootDir / Windows Prefix when encountering ParentDir.
  • Minor readability refactors in rule-engine (formatting and lifetime elision).
  • Add a short incident/prevention write-up in .jules/sentinel.md.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
crates/rule-engine/src/rule/referent_rule.rs Collapses a multi-line lock/read/clone sequence into a single line.
crates/rule-engine/src/rule/mod.rs Reformats defined_vars() collection for readability.
crates/rule-engine/src/check_var.rs Simplifies helper signatures by removing unnecessary explicit lifetimes.
crates/flow/src/incremental/extractors/typescript.rs Updates ParentDir handling to preserve root/prefix during manual normalization.
crates/ast-engine/src/tree_sitter/mod.rs Minor formatting cleanup in UTF-8 recovery and an assertion.
.jules/sentinel.md Adds documentation describing the incident and prevention guidance.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/flow/src/incremental/extractors/typescript.rs
Comment on lines +810 to +817
std::path::Component::ParentDir => match components.last() {
Some(std::path::Component::RootDir)
| Some(std::path::Component::Prefix(_)) => {}
Some(std::path::Component::Normal(_)) => {
components.pop();
}
_ => components.push(component),
},
Comment thread crates/flow/src/incremental/extractors/typescript.rs
Comment on lines +810 to +812
std::path::Component::ParentDir => match components.last() {
Some(std::path::Component::RootDir)
| Some(std::path::Component::Prefix(_)) => {}
Comment thread .jules/sentinel.md
Comment on lines +1 to +4
## 2025-02-24 - Path Traversal in Path Normalization
**Vulnerability:** Path traversal vulnerability in TypeScript module resolution where resolving paths with multiple `..` components could pop `RootDir` or `Prefix` components due to indiscriminate `components.pop()`.
**Learning:** Manual path normalization logic using `std::path::Component` needs to handle edge cases explicitly, such as stopping `ParentDir` components from popping root or prefix components, and correctly handling multiple `..` components when at the root or start of a relative path.
**Prevention:** Always check `components.last()` when popping for `ParentDir` and preserve root, prefix, and leading `ParentDir` components. Use established and safe normalization utilities where possible.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bashandbone