feat: validate copy src paths are relative and within context directory by mishushakov · Pull Request #1106 · e2b-dev/E2B

mishushakov · 2026-01-29T14:49:44Z

Add path validation to the copy method in both JS and Python SDKs to ensure source paths are always relative and don't escape the context directory.

This prevents:

Absolute paths like /absolute/whatever (Unix) or C:\whatever (Windows)
Path traversal attacks like ../whatever or ./foo/../../../bar

The validation works cross-platform using Node's path.isAbsolute/normalize and Python's os.path.isabs/normpath plus PureWindowsPath for detecting Windows paths on Unix.

Note

Medium Risk
Changes behavior of copy/copy_items to throw earlier for previously-accepted absolute or escaping paths, which could break some consumers; logic is localized and well-covered by tests.

Overview
Prevents path traversal in template copy operations by validating src is relative and does not escape the context directory (rejects absolute paths and ..-based escapes) in both the JS and Python SDKs.

Updates copyItems/copy_items error handling to preserve the caller’s stack trace when validation fails, adds unit coverage for the new path validator plus new stack-trace tests for absolute-path failures, and ships as patch releases via a changeset.

^{Written by Cursor Bugbot for commit c1a8eb9. This will update automatically on new commits. Configure here.}

Add path validation to the copy method in both JS and Python SDKs to ensure source paths are always relative and don't escape the context directory. This prevents: - Absolute paths like /absolute/whatever (Unix) or C:\whatever (Windows) - Path traversal attacks like ../whatever or ./foo/../../../bar The validation works cross-platform using Node's path.isAbsolute/normalize and Python's os.path.isabs/normpath plus PureWindowsPath for detecting Windows paths on Unix. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

changeset-bot · 2026-01-29T14:49:49Z

🦋 Changeset detected

Latest commit: c1a8eb9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@e2b/python-sdk	Patch
e2b	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Keep only the unit tests for validateRelativePath. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9c49e71beb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

packages/js-sdk/src/template/utils.ts

Use path.win32.isAbsolute() in addition to path.isAbsolute() to ensure Windows-style absolute paths (C:\foo, \\server\share) are rejected on all platforms, not just Windows. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

packages/js-sdk/src/template/utils.ts

The escape check now correctly distinguishes between: - Path escapes like '../foo' (rejected) - Valid filenames like '..myconfig' (allowed) Changed from `startsWith('..')` to checking for '..' followed by a path separator. Also added cross-platform Windows path escape detection using path.win32/ntpath to catch '..\' escapes on Unix. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

packages/js-sdk/tests/template/stacktrace.test.ts

packages/js-sdk/src/template/index.ts

Remove copyAbsolute/copy_absolute entries from failure maps since the corresponding tests don't invoke the build process that uses them. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When copyItems calls copy internally, the stack trace captured in copy points to SDK internals rather than the user's copyItems call site. Now copyItems validates all paths with its own stack trace before delegating to copy, so validation errors point to user code. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

packages/js-sdk/src/template/index.ts

packages/python-sdk/e2b/template/main.py

jakubno

This looks much better! Can we simplify it even little bit more by not doing windows path resolution on unix and vice versa?

can you add tests for the issue we had before ./a/./../../b?

packages/js-sdk/src/template/utils.ts

packages/python-sdk/e2b/template/main.py

Rely on Node's path.isAbsolute/normalize and Python's os.path.isabs/normpath instead of explicitly checking Windows paths on all platforms. Windows path tests now only run on Windows. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Move the repeated TracebackType construction pattern into a reusable make_traceback() function in template/utils.py, simplifying 7 call sites in main.py. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

mishushakov and others added 8 commits January 29, 2026 15:54

accept

27dc3d9

lint & fmt

81ad8f0

commit

438914e

chore: remove template.copy integration tests

5bba5a5

Keep only the unit tests for validateRelativePath. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

format

73c7ed3

added stacktrace test

cb72b68

test: add test case for ./.. path escape

411bad9

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

fmt

9c49e71

mishushakov marked this pull request as ready for review January 29, 2026 15:35

mishushakov requested review from ValentaTomas and jakubno as code owners January 29, 2026 15:35

chatgpt-codex-connector bot reviewed Jan 29, 2026

View reviewed changes

packages/js-sdk/src/template/utils.ts Outdated Show resolved Hide resolved