fix: prevent directory traversal in OneLake file operations#2136
Open
srinuthati78 wants to merge 3 commits intomainfrom
Open
fix: prevent directory traversal in OneLake file operations#2136srinuthati78 wants to merge 3 commits intomainfrom
srinuthati78 wants to merge 3 commits intomainfrom
Conversation
added 2 commits
March 20, 2026 10:26
Add ValidatePathForTraversal helper that rejects any path containing '..' and call it at the entry point of all 8 public methods that use user-supplied paths in URL construction: GetFileInfoAsync, ReadFileAsync, WriteFileAsync, PutBlobAsync, GetBlobAsync, DeleteFileAsync, DeleteDirectoryAsync, CreateDirectoryAsync. This prevents a directory traversal attack where a crafted path like '../../other-item/Files/secret' could be normalized by System.Uri to escape the intended item scope and access files in other lakehouses/warehouses.
Adds ValidatePathForTraversal helper to OneLakeService that rejects any path containing '..' sequences before making an HTTP request. The check is applied to all 13 file/blob/directory methods that accept caller- supplied path parameters. Adds 65 new tests covering the traversal guard at both the service level (OneLakePathTraversalTests) and per-command level (FileRead, FileWrite, FileDelete, BlobGet, BlobPut, DirectoryCreate, DirectoryDelete commands). Fixes xUnit1051 (explicit CancellationToken) and TableGetCommand test to use --namespace instead of --schema.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the Fabric OneLake tool by adding service-side validation to block directory traversal attempts in caller-supplied file/blob/directory paths before any HTTP requests are sent, and extends test coverage to verify the behavior across the OneLake surface area.
Changes:
- Added a
ValidatePathForTraversalhelper inOneLakeServiceand applied it across the OneLake file/blob/directory APIs. - Added service-level traversal tests and updated command tests to validate traversal inputs return error responses.
- Added a Fabric server changelog entry for the security fix.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/Fabric.Mcp.Tools.OneLake/src/Services/OneLakeService.cs | Adds and applies path traversal validation to OneLake data-plane operations. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Services/OneLakePathTraversalTests.cs | New service-level tests ensuring traversal inputs fail before any HTTP call is made. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/FileWriteCommandTests.cs | Adds traversal rejection test case for the file write command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/FileReadCommandTests.cs | Adds traversal rejection test case for the file read command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/FileDeleteCommandTests.cs | Adds traversal rejection test case for the file delete command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/DirectoryCreateCommandTests.cs | Adds traversal rejection test case for directory create command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/DirectoryDeleteCommandTests.cs | Adds traversal rejection test case for directory delete command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/BlobPutCommandTests.cs | Adds traversal rejection test case for blob put command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/BlobGetCommandTests.cs | Adds traversal rejection test case for blob get command. |
| tools/Fabric.Mcp.Tools.OneLake/tests/Commands/Table/TableGetCommandTests.cs | Updates parsing in schema/namespace-related test case. |
| servers/Fabric.Mcp.Server/changelog-entries/1774030436485.yaml | Records the bug/security fix in the Fabric server changelog entry format. |
tools/Fabric.Mcp.Tools.OneLake/tests/Services/OneLakePathTraversalTests.cs
Show resolved
Hide resolved
tools/Fabric.Mcp.Tools.OneLake/tests/Commands/Table/TableGetCommandTests.cs
Show resolved
Hide resolved
…riants - ValidatePathForTraversal now decodes percent-encoding (Uri.UnescapeDataString) before checking, catching %2e%2e and %2E%2E variants - Splits on both '/' and '\' separators and rejects any segment equal to '.' or '..' - Neutral error message 'Path cannot contain directory traversal sequences.' instead of the misleading 'File path...' for blob/directory params - Updated 93 traversal tests: added URL-encoded InlineData cases to all 13 service methods; updated command-level tests to match new error message - Renamed TableGetCommandTests.ExecuteAsync_AllowsSchemaAlias to ExecuteAsync_AcceptsWorkspaceAndItemByName - Updated tests/README.md and tests/TestImplementationSummary.md (231 tests)
AmosHersch
reviewed
Mar 22, 2026
| foreach (var segment in segments) | ||
| { | ||
| var trimmed = segment.Trim(); | ||
| if (trimmed is "." or "..") |
Contributor
There was a problem hiding this comment.
Maybe consider blocking "~" character as well?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds a ValidatePathForTraversal helper to OneLakeService that rejects any caller-supplied path containing .. sequences before an HTTP request is made, preventing directory traversal attacks.
Changes:
OneLakeService.cs: ValidatePathForTraversal static helper applied across all 13 file/blob/directory methods
New: OneLakePathTraversalTests.cs— service-level tests for all 13 methods
Updated command tests: FileRead, FileWrite, FileDelete, BlobGet, BlobPut, DirectoryCreate, DirectoryDelete — each with a traversal rejection test case
Fixed TableGetCommandTests.cs to use --namespace instead of --schema
Changelog entry added to changelog-entries
Tests: 191/191 passing
[Add additional context, screenshots, or information that helps reviewers]GitHub issue number?
[Link to the GitHub issue this PR addresses]Pre-merge Checklist
servers/Azure.Mcp.Server/README.mdand/orservers/Fabric.Mcp.Server/README.mddocumentationREADME.mdchanges running the script./eng/scripts/Process-PackageReadMe.ps1. See Package READMEToolDescriptionEvaluatorand obtained a score of0.4or more and a top 3 ranking for all related test promptsconsolidated-tools.jsonbreaking-changelabelservers/Azure.Mcp.Server/docs/azmcp-commands.md./eng/scripts/Update-AzCommandsMetadata.ps1to update tool metadata inazmcp-commands.md(required for CI)servers/Azure.Mcp.Server/docs/e2eTestPrompts.mdcrypto mining, spam, data exfiltration, etc.)/azp run mcp - pullrequest - liveto run Live Test Pipeline