fix(langchain): symlink-following directory traversal in FilesystemFileSearchMiddleware via rglob/glob#35194
Open
corridor-security[bot] wants to merge 1 commit intomasterfrom
Open
Conversation
github-actions
bot
added
external
langchain
John Kennedy (jkennedyvz)
changed the title
John Kennedy (jkennedyvz)
changed the title
Mason Daugherty (mdrxy)
changed the title
FilesystemFileSearchMiddleware via rglob/glob
github-actions
bot
added
fix
|
This PR is missing a linked issue. All external contributions must reference an approved issue or discussion. Please add one of the following to your PR description:
If no issue exists yet, open one and wait for maintainer approval before proceeding. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR was generated by Corridor to fix:
Changes
These changes mitigate a high-severity symlink traversal by resolving each discovered path to its real filesystem location and validating it remains under the configured root in both the glob/rglob and _python_search code paths. The fix uses Path.resolve(), a try/except around relative_to(self.root_path), and derives the virtual path from the resolved path (with stat follow_symlinks=False); the same resolve-then-validate approach is applied before any I/O, and the changes are surgical, touching only the two affected code paths and preserving public interfaces.
Generated by Corridor