TestPathTraversalSecurity Class — langchain Architecture

Architecture documentation for the TestPathTraversalSecurity class in test_file_search.py from the langchain codebase.

Class python

Entity Profile

Dependency Diagram

graph TD
  e5a178bd_bdb1_3bca_cf3b_735c1d713414["TestPathTraversalSecurity"]
  5e183a7b_f937_e2fe_e90a_7c6aea33188b["StructuredTool"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|extends| 5e183a7b_f937_e2fe_e90a_7c6aea33188b
  fd751914_766d_3dc6_73f9_3e0a51985938["test_file_search.py"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|defined in| fd751914_766d_3dc6_73f9_3e0a51985938
  65430092_8c79_eb6c_a3e4_dbde1d79021c["test_path_traversal_with_double_dots()"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|method| 65430092_8c79_eb6c_a3e4_dbde1d79021c
  5b45f149_2d67_f3db_7590_f7ee9f0d2a83["test_path_traversal_with_absolute_path()"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|method| 5b45f149_2d67_f3db_7590_f7ee9f0d2a83
  7abfbdeb_e6dd_9885_4703_f5b0dd0bfac8["test_path_traversal_with_symlink()"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|method| 7abfbdeb_e6dd_9885_4703_f5b0dd0bfac8
  4dae83b3_6f25_324e_2340_a61412b00d84["test_validate_path_blocks_tilde()"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|method| 4dae83b3_6f25_324e_2340_a61412b00d84
  24a999e5_7653_acd2_feb5_f68950cf3a3c["test_grep_path_traversal_protection()"]
  e5a178bd_bdb1_3bca_cf3b_735c1d713414 -->|method| 24a999e5_7653_acd2_feb5_f68950cf3a3c

Relationship Graph

Source Code

libs/langchain_v1/tests/unit_tests/agents/middleware/implementations/test_file_search.py lines 214–297

class TestPathTraversalSecurity:
    """Security tests for path traversal protection."""

    def test_path_traversal_with_double_dots(self, tmp_path: Path) -> None:
        """Test that path traversal with .. is blocked."""
        (tmp_path / "allowed").mkdir()
        (tmp_path / "allowed" / "file.txt").write_text("content", encoding="utf-8")

        # Create file outside root
        parent = tmp_path.parent
        (parent / "secret.txt").write_text("secret", encoding="utf-8")

        middleware = FilesystemFileSearchMiddleware(root_path=str(tmp_path / "allowed"))

        # Try to escape with ..
        assert isinstance(middleware.glob_search, StructuredTool)
        assert middleware.glob_search.func is not None
        result = middleware.glob_search.func(pattern="*.txt", path="/../")

        assert result == "No files found"
        assert "secret" not in result

    def test_path_traversal_with_absolute_path(self, tmp_path: Path) -> None:
        """Test that absolute paths outside root are blocked."""
        (tmp_path / "allowed").mkdir()

        # Create file outside root
        (tmp_path / "secret.txt").write_text("secret", encoding="utf-8")

        middleware = FilesystemFileSearchMiddleware(root_path=str(tmp_path / "allowed"))

        # Try to access with absolute path
        assert isinstance(middleware.glob_search, StructuredTool)
        assert middleware.glob_search.func is not None
        result = middleware.glob_search.func(pattern="*.txt", path=str(tmp_path))

        assert result == "No files found"

    def test_path_traversal_with_symlink(self, tmp_path: Path) -> None:
        """Test that symlinks outside root are blocked."""
        (tmp_path / "allowed").mkdir()
        (tmp_path / "secret.txt").write_text("secret", encoding="utf-8")

        # Create symlink from allowed dir to parent
        try:
            (tmp_path / "allowed" / "link").symlink_to(tmp_path)
        except OSError:
            pytest.skip("Symlink creation not supported")

        middleware = FilesystemFileSearchMiddleware(root_path=str(tmp_path / "allowed"))

        # Try to access via symlink
        assert isinstance(middleware.glob_search, StructuredTool)
        assert middleware.glob_search.func is not None
        result = middleware.glob_search.func(pattern="*.txt", path="/link")

        assert result == "No files found"

    def test_validate_path_blocks_tilde(self, tmp_path: Path) -> None:
        """Test that tilde paths are handled safely."""
        middleware = FilesystemFileSearchMiddleware(root_path=str(tmp_path))

        assert isinstance(middleware.glob_search, StructuredTool)
        assert middleware.glob_search.func is not None
        result = middleware.glob_search.func(pattern="*.txt", path="~/")

        assert result == "No files found"

    def test_grep_path_traversal_protection(self, tmp_path: Path) -> None:
        """Test that grep also protects against path traversal."""
        (tmp_path / "allowed").mkdir()
        (tmp_path / "secret.txt").write_text("secret content", encoding="utf-8")

        middleware = FilesystemFileSearchMiddleware(
            root_path=str(tmp_path / "allowed"), use_ripgrep=False
        )

        # Try to search outside root
        assert isinstance(middleware.grep_search, StructuredTool)
        assert middleware.grep_search.func is not None
        result = middleware.grep_search.func(pattern="secret", path="/../")

Defined In

libs/langchain_v1/tests/unit_tests/agents/middleware/implementations/test_file_search.py

Extends

StructuredTool

Source

View on GitHub

Frequently Asked Questions

What is the TestPathTraversalSecurity class?

TestPathTraversalSecurity is a class in the langchain codebase, defined in libs/langchain_v1/tests/unit_tests/agents/middleware/implementations/test_file_search.py.

Where is TestPathTraversalSecurity defined?

TestPathTraversalSecurity is defined in libs/langchain_v1/tests/unit_tests/agents/middleware/implementations/test_file_search.py at line 214.

What does TestPathTraversalSecurity extend?

TestPathTraversalSecurity extends StructuredTool.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free