
🛡️ Sentinel: [HIGH] Fix path traversal in manual path resolution#173

Open
bashandbone wants to merge 1 commit into main from sentinel-fix-path-traversal-6265645109127355951

Conversation


@bashandbone bashandbone commented Apr 24, 2026

🚨 Severity: HIGH
💡 Vulnerability: A path traversal vulnerability existed in the manual path normalization logic (resolved.components()) when canonicalize failed in the TypeScript extractor. Component::ParentDir (..) always popped a component from the stack, even when the stack was empty or contained another .., meaning a relative path like ../../a could lose its initial .. navigation parts and evaluate incorrectly. This could allow for path traversal when resolving TypeScript imports.
🎯 Impact: This could be exploited to bypass the intended directory structure limit, leading to unauthorized file access or incorrect path resolution.
🔧 Fix: Updated the Component::ParentDir matching block to explicitly prevent popping Component::RootDir or Component::Prefix. If the components list is empty or its last element is Component::ParentDir, the new Component::ParentDir is pushed to properly preserve relative navigation.
✅ Verification: Ran the extractor typescript tests which passed successfully. Wrote a test script (deleted) to confirm Rust's path normalization correctly leaves ../../a/b/c instead of a/b/c. Added the .jules/sentinel.md learning journal.


PR created automatically by Jules for task 6265645109127355951 started by @bashandbone

Summary by Sourcery

Fix unsafe manual path normalization in the TypeScript dependency extractor to correctly preserve relative parent directory components and prevent path traversal when canonicalization fails.

Bug Fixes:

  • Prevent path traversal in TypeScript import resolution by ensuring .. components cannot escape root or prefix and are preserved when there is no prior segment to pop.

Documentation:

  • Add a Sentinel learning journal entry documenting the path traversal vulnerability, its root cause, and guidance for safe manual path normalization.

Co-authored-by: bashandbone <89049923+bashandbone@users.noreply.github.com>
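The pre-fix and post-fix normalization logic described in this PR, side by side, as an added Rust example (not the project's code; the function names and the sample paths are my own):

```rust
use std::path::{Component, Path, PathBuf};

/// Pre-fix behaviour described in the PR: every `..` pops unconditionally,
/// so leading `..` segments vanish and `..` can even pop the root.
pub fn normalize_unsafe(p: &Path) -> PathBuf {
    let mut stack: Vec<Component<'_>> = Vec::new();
    for component in p.components() {
        match component {
            Component::ParentDir => {
                stack.pop();
            }
            Component::CurDir => {}
            other => stack.push(other),
        }
    }
    stack.iter().collect()
}

/// Hardened logic matching the PR's flow diagram: `..` never pops
/// RootDir/Prefix, and is kept when the stack is empty or already ends in `..`.
pub fn normalize_safe(p: &Path) -> PathBuf {
    let mut stack: Vec<Component<'_>> = Vec::new();
    for component in p.components() {
        match component {
            // `Component` is Copy, so copying the last entry avoids holding
            // a borrow of `stack` while it is mutated in the arms below.
            Component::ParentDir => match stack.last().copied() {
                None | Some(Component::ParentDir) => stack.push(component),
                Some(Component::RootDir) | Some(Component::Prefix(_)) => {}
                Some(_) => {
                    stack.pop();
                }
            },
            Component::CurDir => {}
            other => stack.push(other),
        }
    }
    stack.iter().collect()
}

fn main() {
    // Constructed inputs: the PR's `../../a` case plus a root-escape case.
    for p in ["../../a", "../a/../../b", "/a/../../b"] {
        println!(
            "{:<14} unsafe={:?} safe={:?}",
            p,
            normalize_unsafe(Path::new(p)),
            normalize_safe(Path::new(p))
        );
    }
}
```

The unsafe version turns `../../a` into `a` and `/a/../../b` into `b`, which is exactly the lost-navigation behaviour the PR describes; the safe version keeps `../../a` and stops at the root for `/b`.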
@google-labs-jules

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

Copilot AI review requested due to automatic review settings April 24, 2026 17:58

sourcery-ai Bot commented Apr 24, 2026

Reviewer's Guide

Adjusts manual path normalization in the TypeScript dependency extractor to correctly handle parent directory components and prevent path traversal, and documents the vulnerability and fix in the Sentinel learning journal.

Sequence diagram for safe manual path resolution in TypeScript dependency extractor

sequenceDiagram
    participant Extractor as TypeScriptDependencyExtractor
    participant FS as FileSystem
    participant Canon as Canonicalizer
    participant Normalizer as ManualPathNormalizer

    Extractor->>Extractor: extract_dependencies(source_file)
    loop For each import specifier
        Extractor->>Extractor: resolve_import_path(import_path)
        Extractor->>Canon: canonicalize(resolved_path)
        alt canonicalize succeeds
            Canon-->>Extractor: Ok(canonical_path)
            Extractor->>Extractor: use canonical_path
        else canonicalize fails
            Canon-->>Extractor: Err(io_error)
            Extractor->>Normalizer: normalize_components(resolved_path)
            Normalizer->>Normalizer: iterate resolved.components()
            Normalizer-->>Extractor: normalized_relative_path
            Extractor->>Extractor: use normalized_relative_path
        end
    end

Flow diagram for updated manual path normalization logic

flowchart TD
    A["Start normalization for resolved path"] --> B["Initialize empty components stack"]
    B --> C["For each component in resolved.components()"]
    C --> D{Is component ParentDir}

    D -- Yes --> E{Is components stack empty}
    E -- Yes --> F["Push ParentDir onto stack"]
    F --> C
    E -- No --> G{Last element is RootDir or Prefix}
    G -- Yes --> H["Do nothing (do not pop RootDir or Prefix)"]
    H --> C
    G -- No --> I{Last element is ParentDir}
    I -- Yes --> J["Push ParentDir onto stack"]
    J --> C
    I -- No --> K["Pop last component from stack"]
    K --> C

    D -- No --> L{Is component CurDir}
    L -- Yes --> M["Skip component"]
    M --> C
    L -- No --> N["Push component onto stack"]
    N --> C

    C --> O["No more components"]
    O --> P["Join components stack into normalized path"]
    P --> Q["End"]

File-Level Changes

Change: Harden manual path component normalization to preserve leading .. segments and avoid traversing above root/prefix when canonicalize fails.
Details:
  • Update the Component::ParentDir handling to avoid popping RootDir or Prefix from the component stack.
  • Ensure that when the component stack is empty, incoming ParentDir components are pushed instead of being dropped.
  • Ensure that consecutive ParentDir components are preserved by pushing a new ParentDir when the last component is also ParentDir, while continuing to pop for normal directory components.
Files: crates/flow/src/incremental/extractors/typescript.rs

Change: Record the vulnerability, its root cause, and the prevention pattern in the Sentinel learning journal.
Details:
  • Add an entry describing the path traversal issue in manual path resolution using std::path::Component.
  • Document the correct handling pattern for ParentDir to prevent future regressions in path normalization code.
Files: .jules/sentinel.md



@sourcery-ai sourcery-ai Bot left a comment


Hey - I've left some high level feedback:

  • The Component::ParentDir handling block is getting a bit nested; consider extracting this normalization logic into a small helper function to clarify the intended semantics and make it easier to reason about future changes.
  • It might be worth adding a short comment in the ParentDir match arm explaining the specific edge cases being handled (empty stack, previous ParentDir, and blocking pops of RootDir/Prefix) so future readers don’t inadvertently reintroduce the traversal bug.
  • Double-check that the Prefix handling here covers Windows UNC and drive prefixes as intended; if there are platform-specific assumptions (e.g., only used on Unix paths), it could help to enforce or assert that in this normalization path.



Copilot AI left a comment


Pull request overview

Addresses a path traversal/incorrect path normalization issue in the TypeScript dependency extractor’s fallback path resolution when canonicalize() fails, and records the incident as a Sentinel learning entry.

Changes:

  • Fixes manual .. component handling during TypeScript relative module resolution to avoid dropping leading parent traversals.
  • Adds a Sentinel journal entry documenting the vulnerability and the intended prevention pattern.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File: crates/flow/src/incremental/extractors/typescript.rs
Description: Hardens manual path normalization logic for Component::ParentDir when canonicalize() fails.

File: .jules/sentinel.md
Description: Documents the vulnerability, learning, and prevention guidance.


Comment on lines 810 to +826
std::path::Component::ParentDir => {
components.pop();
if let Some(c) = components.last() {
match c {
std::path::Component::RootDir
| std::path::Component::Prefix(_) => {
// Do not pop RootDir or Prefix
}
std::path::Component::ParentDir => {
components.push(component);
}
_ => {
components.pop();
}
}
} else {
components.push(component);
}
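Review bot: the unconditional `components.pop();` at the top of the arm (line 810) sits directly above the new guarded `if let Some(c) = components.last()` block; if that line is the removed pre-fix statement the change is sound, but if it survives, a single `..` pops twice for normal components and a segment is discarded before the RootDir/Prefix guard is ever consulted. Please confirm the diff deletes it, and since the description says the confirming script was deleted, add a regression test in this PR covering `../../a` staying `../../a` and a path that tries to step above the root staying at the root.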