[i ,dZddlmZddlZddlZddZy)a^Shared path security utilities for preventing path traversal and SSRF attacks. This module provides a centralized implementation for path validation that is used by multiple parts of the codebase. Having a single implementation ensures consistent security checks and avoids divergent behavior between components. Security Context ---------------- These checks are designed to run BEFORE any filesystem operations (like ``os.path.realpath()``) to prevent Windows from triggering SMB connections to attacker-controlled servers when resolving UNC paths. This prevents SSRF attacks and NTLM hash disclosure. ) annotationsNcdd|vry|jdryt|dk\r|dtjvr |ddk(ry|jdrytj j |ry|jd d }|jd Dcgc]}|s| }}d |vScc}w) aReturn True if path contains UNC, absolute, drive, or traversal patterns. This function checks for dangerous path patterns that could lead to: - SSRF attacks via Windows UNC path resolution - NTLM hash disclosure via SMB connections - Path traversal outside intended directories - Path truncation via null bytes IMPORTANT: This check must run BEFORE any ``os.path.realpath()`` calls to prevent Windows from triggering SMB connections to attacker-controlled servers. Parameters ---------- path : str The path string to validate. Returns ------- bool True if the path contains unsafe patterns, False if it appears safe for further processing. Examples -------- >>> is_unsafe_path_pattern("subdir/file.js") False >>> is_unsafe_path_pattern("\\\\server\\share") True >>> is_unsafe_path_pattern("../../../etc/passwd") True >>> is_unsafe_path_pattern("C:\\Windows\\system32") True T)z\\z//r:)\/r r z..) startswithlenstring ascii_lettersospathisabsreplacesplit)r normalizedsegsegmentss h/var/www/html/userprofiledev.eatanceapp.com/venv/lib/python3.12/site-packages/streamlit/path_security.pyis_unsafe_path_patternr#sH~ ~& 4yA~$q'V%9%99d1gn {# ww}}TdC(J)//4<44H< 8 =s B-#B-)rstrreturnbool)__doc__ __future__rrr rrr s # ?r