Fix sandbox bypass and frontend/backend desync in file explorer#280
Merged: Edwardvaneechoud merged 2 commits into main, Jan 31, 2026
Conversation
The file browser would get out of sync between frontend and backend when navigating up past the home directory. The backend silently returned the home directory contents instead of an error, while the frontend updated its path state to the requested (parent) directory. This caused all subsequent navigation to break.

Three changes:
- In Electron mode, remove the sandbox restriction so users can browse the entire filesystem (matching the existing validate_path_under_cwd behavior for desktop apps)
- SecureFileExplorer now raises PermissionError instead of silently falling back to the sandbox root when the path is outside the sandbox
- Frontend navigateToPath reverts to the previous directory on failure instead of showing an error state, keeping the browser usable

Also fixes a missing 'raise' on HTTPException in the directory_contents error handler.

https://claude.ai/code/session_01TtjvcF8KWykkB1o6mStB5L
Deploy Preview for flowfile-wasm canceled.

Codecov Report: All modified and coverable lines are covered by tests.
Covers the new Electron/non-Electron mode branching and error handling:
- Electron mode allows browsing any readable directory
- Non-Electron mode blocks access outside sandbox (403)
- Non-Electron mode allows access inside sandbox (200)
- Non-existent directory returns 404

https://claude.ai/code/session_01TtjvcF8KWykkB1o6mStB5L
Summary
This PR fixes a critical security and UX issue in the file explorer where invalid paths could cause frontend/backend state desynchronization. The changes enforce strict sandbox validation and improve error handling across the stack.
Key Changes
- Backend validation (funcs.py): Changed SecureFileExplorer to raise PermissionError when the initial path is outside the sandbox, instead of silently falling back to the sandbox root. This prevents silent state mismatches between frontend and backend.
- Route error handling (routes.py): Added PermissionError handling to return HTTP 403; added the missing raise statement for the 404 exception.
- Frontend resilience (fileBrowser.vue): Updated navigateToPath() to gracefully handle navigation failures.
Implementation Details
The fix ensures that when a user attempts to navigate to a restricted path:
- the backend raises PermissionError
This approach prioritizes user experience while maintaining security boundaries.
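The fail-closed containment check and the route-layer status mapping this PR describes, as an added illustration that is not the project's code: a hypothetical SecureExplorer resolves the requested path, rejects anything outside the sandbox root with PermissionError instead of falling back to the root, changes its current-directory state only after validation succeeds (so backend and caller cannot drift apart), and skips the containment check only when allow_any_path, standing in for the Electron/desktop mode, is set. SecureExplorer, status_for and demo are assumed names, and the sandbox tree is constructed in a temporary directory.

```python
import tempfile
from pathlib import Path

class SecureExplorer:
    """Hypothetical sandboxed browser (not the project's SecureFileExplorer)."""

    def __init__(self, sandbox_root, start_path=None, allow_any_path=False):
        self.sandbox_root = Path(sandbox_root).resolve()
        self.allow_any_path = allow_any_path  # True in Electron/desktop mode
        self.current = self._validate(start_path or self.sandbox_root)

    def _validate(self, path) -> Path:
        # resolve() collapses '..' and symlinks so the check sees the real target;
        # containment is checked before existence so a 403 leaks nothing about
        # whether a path outside the sandbox exists.
        resolved = Path(path).resolve()
        if not self.allow_any_path and not resolved.is_relative_to(self.sandbox_root):
            raise PermissionError(f"{resolved} is outside {self.sandbox_root}")
        if not resolved.is_dir():
            raise FileNotFoundError(str(resolved))
        return resolved

    def navigate(self, path) -> Path:
        # State changes only after validation succeeds, so a rejected request
        # cannot leave the explorer pointing somewhere the caller never reached.
        self.current = self._validate(path)
        return self.current

    def up(self) -> Path:
        return self.navigate(self.current.parent)

def status_for(exc: Exception) -> int:
    # Route-layer mapping: sandbox violation -> 403, missing directory -> 404
    if isinstance(exc, PermissionError):
        return 403
    return 404 if isinstance(exc, FileNotFoundError) else 500

def demo(allow_any_path=False) -> dict:
    # Constructed sandbox tree <tmp>/home/user/docs; walk up twice from docs.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "home", "user")
        (root / "docs").mkdir(parents=True)
        ex = SecureExplorer(root, root / "docs", allow_any_path)
        ex.up()  # docs -> user: inside the sandbox, fine in both modes
        try:
            ex.up()  # user -> home: past the sandbox root
            outcome = ("ok", 200)
        except (PermissionError, FileNotFoundError) as e:
            outcome = ("error", status_for(e))
        return {"past_root": outcome, "still_at_root": ex.current == root.resolve()}
```

In sandbox mode demo() reports a 403 with the explorer still at the sandbox root; with allow_any_path=True the same step succeeds, matching the two modes the PR's tests describe.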