fix(files): keep traversal protection for https URLs matching internal serve paths

Author: waleedlatif1

apps/sim/app/api/files/parse/route.test.ts

@@ -831,6 +831,33 @@ describe('Files Parse API - Path Traversal Security', () => {
       )
     })
 
+    it('should still reject traversal in https URLs that look like internal serve URLs', async () => {
+      inputValidationMockFns.mockValidateUrlWithDNS.mockResolvedValue({
+        isValid: true,
+        resolvedIP: '203.0.113.10',
+      })
+      inputValidationMockFns.mockSecureFetchWithPinnedIP.mockResolvedValue(
+        new Response('should never be fetched', { status: 200 })
+      )
+
+      // Absolute https URL containing `/api/files/serve/` matches isInternalFileUrl and would
+      // route to handleCloudFile — so it must keep traversal protection, not be waved through
+      // as an external URL.
+      const request = new NextRequest('http://localhost:3000/api/files/parse', {
+        method: 'POST',
+        body: JSON.stringify({
+          filePath: 'https://attacker.com/api/files/serve/../../../etc/passwd',
+        }),
+      })
+
+      const response = await POST(request)
+      const result = await response.json()
+
+      expect(result.success).toBe(false)
+      expect(result.error).toMatch(/Access denied: path traversal detected/)
+      expect(inputValidationMockFns.mockSecureFetchWithPinnedIP).not.toHaveBeenCalled()
+    })
+
     it('should handle encoded path traversal attempts', async () => {
       const encodedMaliciousPaths = [
         '/api/files/serve/%2e%2e%2f%2e%2e%2fetc%2fpasswd', // ../../../etc/passwd

apps/sim/app/api/files/parse/route.ts

@@ -427,15 +427,22 @@ function assertParsedContentWithinLimit(content: string, maxBytes?: number): str
  * not be rejected. Providers such as Slack routinely emit slugs containing a literal `...`.
  *
  * Internal file URLs (`/api/files/serve/...`) ARE resolved to storage keys and filesystem
- * paths via `extractStorageKey`, so they keep full traversal protection — only the leading-`/`
- * "outside allowed directory" check is relaxed for them, since that prefix is expected.
+ * paths via `extractStorageKey`, so they keep full traversal protection. The external
+ * short-circuit explicitly excludes them: `parseFileSingle` routes anything matching
+ * `isInternalFileUrl` to `handleCloudFile` (even an absolute `https://host/api/files/serve/...`),
+ * so such inputs must stay subject to the `..`/`~` checks rather than being waved through as
+ * external URLs. Only the leading-`/` "outside allowed directory" check is relaxed for them,
+ * since that prefix is expected.
  */
 function validateFilePath(filePath: string): { isValid: boolean; error?: string } {
   if (filePath.includes('\0')) {
     return { isValid: false, error: 'Invalid path: null byte detected' }
   }
 
-  if (filePath.startsWith('http://') || filePath.startsWith('https://')) {
+  if (
+    (filePath.startsWith('http://') || filePath.startsWith('https://')) &&
+    !isInternalFileUrl(filePath)
+  ) {
     return { isValid: true }
   }