
fix(fs): validate paths on all read-side MountableFs APIs #1556

Merged: chaliy merged 1 commit into main from fix/issue-1548-mountablefs-validation on May 6, 2026


@chaliy chaliy commented May 6, 2026

Summary

MountableFs already calls validate_path() before delegating writes (write_file, append_file, mkdir, remove, rename/copy source, symlink link, chmod, set_modified_time), but the read-side methods (read_file, stat, read_dir, exists, read_link) delegated without validation. With mounted RealFs or third-party FileSystem implementations, this lets a script reach the backend with control-character / depth-limit / length-limit violating paths through any read API — weakening the path-policy boundary and making it a DoS / diagnostic-leak surface.

Why

Closes #1548 (TM-DOS-046 read-side gaps).

How

Add the existing validate_path() guard at the top of every path-taking public FileSystem method on MountableFs. rename/copy already validated both source and destination, so cross-mount semantics stay correct.

Tests

New regression tests in tests/security_audit_pocs.rs covering invalid paths through:

  • read_file
  • stat
  • read_dir
  • exists
  • read_link
  • rename (destination side)
  • copy (destination side)

All 2258 lib tests + the new POC tests pass; existing mount/unmount/access tests unaffected. cargo fmt --check and cargo clippy --all-targets --features http_client -- -D warnings are green.


Generated by Claude Code

read_file, stat, read_dir, exists, and read_link previously delegated
to the underlying backend without calling validate_path() first, so
mounted backends could receive control-character / depth-limit /
length-limit violating paths through any read API. Add the same
validation guard already applied to write_file, mkdir, remove,
rename, copy, symlink, chmod, and set_modified_time.

Closes #1548
@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: bashkit
Latest commit: 4b92405
Updated (UTC): May 06 2026, 09:27 AM

@chaliy chaliy merged commit cdbee1c into main May 6, 2026
34 checks passed
@chaliy chaliy deleted the fix/issue-1548-mountablefs-validation branch May 6, 2026 09:39
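
The guard-then-delegate pattern this PR describes, as an added example that is not bashkit's code: a wrapper validates the path before any read-side call reaches the mounted backend, and a recording backend shows which paths actually got through. Only the names MountableFs, validate_path, read_file and exists come from the page; the FileSystem trait shape, RecordingBackend, probe, the limit values and the error strings are assumptions.

```rust
// Added illustration, not bashkit code: trait shape, limits and error text are assumptions.
use std::cell::RefCell;
const MAX_PATH_LEN: usize = 4096; // assumed length limit
const MAX_DEPTH: usize = 64; // assumed component-depth limit

trait FileSystem {
    fn read_file(&self, path: &str) -> Result<Vec<u8>, String>;
    fn exists(&self, path: &str) -> Result<bool, String>;
}

/// Stand-in for a mounted backend; records every path that reaches it.
struct RecordingBackend { seen: RefCell<Vec<String>> }
impl FileSystem for RecordingBackend {
    fn read_file(&self, path: &str) -> Result<Vec<u8>, String> {
        self.seen.borrow_mut().push(path.to_string());
        Ok(b"data".to_vec())
    }
    fn exists(&self, path: &str) -> Result<bool, String> { self.read_file(path).map(|_| true) }
}

/// Path policy: length limit, no control characters, depth limit.
fn validate_path(path: &str) -> Result<(), String> {
    if path.len() > MAX_PATH_LEN { return Err("path too long".into()); }
    if path.chars().any(char::is_control) { return Err("control character".into()); }
    let depth = path.split('/').filter(|c| !c.is_empty()).count();
    if depth > MAX_DEPTH { return Err("path too deep".into()); }
    Ok(())
}

struct MountableFs<B: FileSystem> { backend: B }
impl<B: FileSystem> FileSystem for MountableFs<B> {
    fn read_file(&self, path: &str) -> Result<Vec<u8>, String> {
        validate_path(path)?; // guard first, delegate second
        self.backend.read_file(path)
    }
    fn exists(&self, path: &str) -> Result<bool, String> {
        validate_path(path)?; // same guard on every read-side method
        self.backend.exists(path)
    }
}

/// Constructed paths (valid, NUL byte, too deep, too long) -> (rejected calls, paths backend saw).
fn probe() -> (usize, Vec<String>) {
    let paths = ["/ok/file.txt".to_string(), "/bad\u{0}name".into(), "/a".repeat(MAX_DEPTH + 1), "x".repeat(MAX_PATH_LEN + 1)];
    let fs = MountableFs { backend: RecordingBackend { seen: RefCell::new(Vec::new()) } };
    let rejected: usize = paths.iter().map(|p| fs.read_file(p).is_err() as usize + fs.exists(p).is_err() as usize).sum();
    let seen = fs.backend.seen.borrow().clone();
    (rejected, seen)
}
fn main() { println!("{:?}", probe()); }
```

Asserting on what the backend recorded, rather than only on the returned error, is what catches a read method that delegates without the guard.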
Development

Successfully merging this pull request may close these issues.

security(fs): validate all MountableFs path-taking methods
