admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-16 17:46:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Handle non-existing files when checking if it is a symlink (#18010)

Browse Source
This commit is contained in:
RomanDavydchuk
2025-08-06 12:51:23 +03:00
committed by GitHub
parent 6046d24c74
commit 49f3115429
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts
View File

@@ -160,6 +160,26 @@ describe('isFilePathBlocked', () => {
);
expect(await isFilePathBlocked(allowedPath)).toBe(true);
});
it('should handle non-existent file when it is allowed', async () => {
const filePath = '/non/existent/file';
const error = new Error('ENOENT');
// @ts-expect-error undefined property
error.code = 'ENOENT';
(fsRealpath as jest.Mock).mockRejectedValueOnce(error);
expect(await isFilePathBlocked(filePath)).toBe(false);
});
it('should handle non-existent file when it is not allowed', async () => {
const filePath = '/non/existent/file';
const allowedPath = '/some/allowed/path';
process.env[RESTRICT_FILE_ACCESS_TO] = allowedPath;
const error = new Error('ENOENT');
// @ts-expect-error undefined property
error.code = 'ENOENT';
(fsRealpath as jest.Mock).mockRejectedValueOnce(error);
expect(await isFilePathBlocked(filePath)).toBe(true);
});
});
describe('getFileSystemHelperFunctions', () => {

13
packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts
View File

@@ -8,6 +8,7 @@ import {
writeFile as fsWriteFile,
realpath as fsRealpath,
} from 'node:fs/promises';
import { resolve } from 'node:path';
import {
BINARY_DATA_STORAGE_PATH,
@@ -34,7 +35,17 @@ const getAllowedPaths = () => {
export async function isFilePathBlocked(filePath: string): Promise<boolean> {
const allowedPaths = getAllowedPaths();
const resolvedFilePath = await fsRealpath(filePath);
let resolvedFilePath = '';
try {
resolvedFilePath = await fsRealpath(filePath);
} catch (error) {
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
if (error.code === 'ENOENT') {
resolvedFilePath = resolve(filePath);
} else {
throw error;
}
}
const blockFileAccessToN8nFiles = process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] !== 'false';
const restrictedPaths = blockFileAccessToN8nFiles ? getN8nRestrictedPaths() : [];