🛡️ Sentinel: [CRITICAL] Fix Path Traversal in Module Resolution

[bashandbone]

🚨 Severity: CRITICAL
💡 Vulnerability: Path traversal existed in resolve_module_path during manual path canonicalization. Vec::pop could pop past the root directory, allowing malicious module specifiers like ../../../../etc/passwd to resolve outside the project workspace.
🎯 Impact: Potential arbitrary file access or information disclosure during AST parsing.
🔧 Fix: Added explicit boundary checks in the std::path::Component::ParentDir match arm to fail securely with ExtractionError::UnresolvedModule if traversal past RootDir or Prefix is attempted, or if the stack is already empty.
✅ Verification: Verified using unit tests and cargo check and manual review of the logic.

---

PR created automatically by Jules for task 11077056978706333419 started by @bashandbone

Summary by Sourcery

Prevent path traversal during TypeScript module resolution by enforcing safe parent-directory handling and recording the security fix in Sentinel documentation.

Bug Fixes:

• Harden TypeScript module path resolution to reject parent-directory traversal that would escape the project root or underflow the component stack.

Documentation:

• Add Sentinel security incident note documenting the path traversal vulnerability, its cause, and the preventive pattern for safe path canonicalization.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Fixes a critical path traversal vulnerability in TypeScript module resolution by hardening manual path canonicalization against traversing above the workspace root, and documents the issue and remediation in Sentinel notes.

Class diagram for hardened TypeScript module path resolution

classDiagram
class TypeScriptDependencyExtractor {
  resolve_module_path(module_specifier, resolved_path) Result_Path_ExtractionError
}

class ExtractionError {
  UnresolvedModule
}

class Component {
  ParentDir
  CurDir
  RootDir
  Prefix
}

TypeScriptDependencyExtractor --> ExtractionError : uses
TypeScriptDependencyExtractor --> Component : iterates_components
ExtractionError <|-- UnresolvedModule
Component <|-- ParentDir
Component <|-- CurDir
Component <|-- RootDir
Component <|-- Prefix

Loading

Flow diagram for secure ParentDir handling in module resolution

graph TD
  A[Start resolving module path] --> B[Initialize components stack]
  B --> C[Iterate over resolved path components]
  C --> D{Component type}
  D --> E[Push component onto stack]:::okBranch
  D --> F[Ignore CurDir]:::okBranch
  D --> G[Handle ParentDir]

  E --> C
  F --> C

  G --> H{Stack last is RootDir or Prefix?}
  H --> I[Return ExtractionError::UnresolvedModule]:::errorBranch
  H --> J[Attempt to pop from stack]

  J --> K{Pop returned None?}
  K --> I
  K --> C

  D --> L[Other component types]:::okBranch
  L --> E

  C --> M[All components processed]
  M --> N[Build final path from components stack]
  N --> O[Return resolved path]

  classDef okBranch fill:#bbf,stroke:#333,stroke-width:1px;
  classDef errorBranch fill:#fbb,stroke:#333,stroke-width:1px;

Loading

File-Level Changes

Change	Details	Files
Harden manual path canonicalization in TypeScript module resolution to prevent traversal above root or prefix.	Extend ParentDir handling to inspect the last accumulated path component before popping Return ExtractionError::UnresolvedModule when a ParentDir would cross RootDir or Prefix Return ExtractionError::UnresolvedModule if a pop is attempted on an empty component stack Preserve existing behavior for CurDir and normal path components	crates/flow/src/incremental/extractors/typescript.rs
Document the critical path traversal vulnerability and its remediation in Sentinel documentation.	Add Sentinel entry describing the vulnerability in resolve_module_path Capture the learning about Vec::pop behavior when manually canonicalizing paths Describe preventative pattern of explicit boundary checks before popping components	.jules/sentinel.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• The ParentDir handling logic is now a bit dense and repeated (two separate UnresolvedModule returns); consider extracting a small helper (e.g. fn fail_unresolved(module_specifier: &str) -> ExtractionError) or an early-guard function to keep the match arm more readable and less error-prone.
• Since you’re now encoding path traversal constraints manually, it may be worth centralizing this normalization logic (or reusing std::fs::canonicalize / a dedicated path-normalization helper) so other call sites don’t accidentally reimplement slightly different rules.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The `ParentDir` handling logic is now a bit dense and repeated (two separate `UnresolvedModule` returns); consider extracting a small helper (e.g. `fn fail_unresolved(module_specifier: &str) -> ExtractionError`) or an early-guard function to keep the match arm more readable and less error-prone.
- Since you’re now encoding path traversal constraints manually, it may be worth centralizing this normalization logic (or reusing `std::fs::canonicalize` / a dedicated path-normalization helper) so other call sites don’t accidentally reimplement slightly different rules.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[Copilot]

Pull request overview

This PR aims to harden TypeScript/JavaScript module path resolution in thread_flow’s incremental dependency extractor to prevent path traversal during manual normalization of relative imports.

Changes:

• Adds boundary checks when handling .. (Component::ParentDir) during manual path normalization in resolve_module_path.
• Adds a Sentinel note documenting the vulnerability and the intended prevention approach.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
crates/flow/src/incremental/extractors/typescript.rs	Tightens manual .. handling to prevent popping past root/prefix or an empty component stack.
.jules/sentinel.md	Adds incident/learning documentation for the path traversal issue.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new boundary checks only run in the manual normalization fallback; if resolved.canonicalize() succeeds, a specifier like src/../../../etc/passwd can still resolve outside the intended workspace root (and will bypass these checks). Also, the non-relative “node module” branch builds node_modules/{module_specifier}/index.js without rejecting .. components (e.g. import x from 'pkg/../../etc'), which can also traverse out of node_modules. To fix traversal reliably, apply a consistent lexical normalization/validation step (reject ParentDir, RootDir, Prefix) to the module specifier and/or validate any canonicalized result stays within an allowed base directory.

[Copilot]

This change introduces new error behavior for traversal attempts (e.g. too many .. components), but there doesn’t appear to be a corresponding unit test asserting that resolve_module_path returns ExtractionError::UnresolvedModule for inputs like "src/file.ts" + "../../etc/passwd" (or similar). Please add a regression test so this security boundary stays covered.

[Copilot]

This new Markdown file is not covered by any REUSE.toml annotations (and currently has no SPDX header), so the CI “License Compliance” job using fsfe/reuse-action will likely fail. Add an SPDX license identifier/copyright header to this file (e.g., as an HTML comment at the top) or update REUSE.toml to annotate .jules/**.

[Copilot]

The “Learning” description is technically inaccurate: Vec::pop() does not “silently succeed when popping out of bounds” (it returns None on empty), and the code here is popping from a Vec<Component> rather than from std::path::Components itself. Consider rewording this to accurately describe that popping without checking can remove RootDir/Prefix (or exhaust the component stack) and thereby change an absolute path into a relative one / allow traversal beyond the intended base.

Suggested change

	**Learning:** During manual path canonicalization, `Vec::pop` on `std::path::Components` can silently succeed when popping out of bounds or explicitly pop `RootDir`, allowing arbitrary traversal (`../../etc/passwd`).
	**Prevention:** Explicitly match the last component to ensure it is not `RootDir` or `Prefix`, and fail safely by returning an error instead of continuing to resolve paths.
	**Learning:** During manual path canonicalization, popping from a collected `Vec<std::path::Component>` without checking can remove `RootDir`/`Prefix` or exhaust the component stack, changing an absolute path into a relative one or allowing traversal beyond the intended base (`../../etc/passwd`).
	**Prevention:** Before handling `ParentDir`, explicitly inspect the last collected component, only pop normal path segments, and fail safely by returning an error if resolution would cross the root or intended base.