Skip to content

fix: with_dynamic_directory path traversal#9162

Merged
mscolnick merged 2 commits into
mainfrom
ms/dynamic-dir-path
Apr 13, 2026
Merged

fix: with_dynamic_directory path traversal#9162
mscolnick merged 2 commits into
mainfrom
ms/dynamic-dir-path

Conversation

@mscolnick

Copy link
Copy Markdown
Contributor

No description provided.

Copilot AI review requested due to automatic review settings April 13, 2026 15:25
@vercel

vercel Bot commented Apr 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
marimo-docs Ready Ready Preview, Comment Apr 13, 2026 3:48pm

Request Review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the with_dynamic_directory ASGI middleware against path traversal attempts when resolving app files from a filesystem directory.

Changes:

  • Added path traversal rejection and “must be within directory” checks when resolving dynamic app file paths.
  • Added regression tests covering raw, encoded, and nested traversal requests.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
marimo/_server/asgi.py Adds directory-containment validation and rejects traversal segments during dynamic file matching.
tests/_server/test_asgi.py Adds a new test validating traversal attempts are blocked (return 404/pass-through).
Comment thread tests/_server/test_asgi.py Outdated
Comment thread marimo/_server/asgi.py Outdated
@mscolnick mscolnick added the bug Something isn't working label Apr 13, 2026
@mscolnick mscolnick merged commit d9cdc57 into main Apr 13, 2026
43 checks passed
@mscolnick mscolnick deleted the ms/dynamic-dir-path branch April 13, 2026 19:28
mscolnick added a commit that referenced this pull request Jun 30, 2026
…ap (#10015)

## Summary

Closes #10012.

`DynamicDirectoryMiddleware` resolved the notebook directory's real path
once at startup and checked every request against that frozen path. When
the directory is reached through a symlink that's atomically re-pointed
at
runtime (atomic deploys, k8s ConfigMap/Secret mounts, git-sync), the
frozen path goes stale and every notebook 404s until the process
restarts. Regression from #9162 in v0.23.2.

Fix: resolve the directory live in `_is_within_directory` instead of
caching it at init. The cache never saved a syscall anyway —
`path.resolve()` already runs on every request.

The #9162 path-traversal protection is unchanged: both sides are still
fully resolved before comparison, so `..` and escaping symlinks are
still
rejected.


<!-- This is an auto-generated description by cubic. -->
<a
href="https://cubic.dev/pr/marimo-team/marimo/pull/10015?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>
<!-- End of auto-generated description by cubic. -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

3 participants