Use commonpath for path traversal check

Matches the pattern used in folder_paths.py and server.py. The
startswith approach is vulnerable to sibling directory bypasses.
jakelodwick 2026-04-05 19:16:52 -06:00
parent 8088b347d0
commit cf43a3a63e


@ -1453,7 +1453,9 @@ class LoadTrainingDataset(io.ComfyNode):
output_dir = folder_paths.get_output_directory()
dataset_dir = os.path.join(output_dir, folder_name)
# Prevent path traversal (e.g. folder_name="../../etc")
if not os.path.realpath(dataset_dir).startswith(os.path.realpath(output_dir)):
real_output_dir = os.path.realpath(output_dir)
real_dataset_dir = os.path.realpath(dataset_dir)
if os.path.commonpath((real_output_dir, real_dataset_dir)) != real_output_dir:
raise ValueError(f"Invalid folder_name: path traversal detected")
if not os.path.exists(dataset_dir):
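Review bot: The containment check is made on `real_dataset_dir`, but the `os.path.exists(dataset_dir)` line that follows still uses the unresolved path, so the path that was validated and the path that is used can differ if a symlink under the output directory changes in between. Rebinding after the check, `dataset_dir = real_dataset_dir`, would make the later file access use exactly what was validated; the rest of the method is outside this hunk, so confirm nothing there depends on the unresolved form. Separately, `os.path.commonpath` raises its own `ValueError` when the two paths are on different Windows drives, which still fails closed but with a different message than the one raised below. A short comment such as `# commonpath compares whole path components and raises ValueError across drives` would record that.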