Flowise

History

Taraka Vishnumolakala 2414057c08 feat(security): enhance file path validation and implement non-root D… (#5474 ) * feat(security): enhance file path validation and implement non-root Docker user - Validate resolved full file paths including workspace boundaries in SecureFileStore - Resolve paths before validation in readFile and writeFile operations - Run Docker container as non-root flowise user (uid/gid 1001) - Apply proper file ownership and permissions for application files Prevents path traversal attacks and follows container security best practices * Add sensitive system directory validation and Flowise internal file protection * Update Dockerfile to use default node user * update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin) * added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders --------- Co-authored-by: taraka-vishnumolakala <taraka.vishnumolakala@workday.com> Co-authored-by: Henry Heng <henryheng@flowiseai.com> Co-authored-by: Henry <hzj94@hotmail.com>	2025-11-15 15:03:01 +00:00
..
Puppeteer.ts	feat(security): enhance file path validation and implement non-root D… (#5474 )	2025-11-15 15:03:01 +00:00
puppeteer.svg	Updated document loader icons	2023-12-18 04:22:10 -05:00

Taraka Vishnumolakala 2414057c08

feat(security): enhance file path validation and implement non-root D… (#5474 )

* feat(security): enhance file path validation and implement non-root Docker user

- Validate resolved full file paths including workspace boundaries in SecureFileStore
- Resolve paths before validation in readFile and writeFile operations
- Run Docker container as non-root flowise user (uid/gid 1001)
- Apply proper file ownership and permissions for application files

Prevents path traversal attacks and follows container security best practices

* Add sensitive system directory validation and Flowise internal file protection

* Update Dockerfile to use default node user

* update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin)

* added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders

---------

Co-authored-by: taraka-vishnumolakala <taraka.vishnumolakala@workday.com>
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
Co-authored-by: Henry <hzj94@hotmail.com>

2025-11-15 15:03:01 +00:00

Puppeteer.ts

feat(security): enhance file path validation and implement non-root D… (#5474 )

2025-11-15 15:03:01 +00:00

puppeteer.svg

Updated document loader icons

2023-12-18 04:22:10 -05:00