From 6e291cf05df66d0ddf18607d42bcf8233a9d7a7b Mon Sep 17 00:00:00 2001
From: Henry Heng <henryheng@flowiseai.com>
Date: Mon, 15 Sep 2025 14:58:53 +0100
Subject: [PATCH] Bugfix/add validation for file path (#5211)

add validation for file path
---
 .../components/nodes/documentloaders/Folder/Folder.ts    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packages/components/nodes/documentloaders/Folder/Folder.ts b/packages/components/nodes/documentloaders/Folder/Folder.ts
index d567f64a..e8aa16a5 100644
--- a/packages/components/nodes/documentloaders/Folder/Folder.ts
+++ b/packages/components/nodes/documentloaders/Folder/Folder.ts
@@ -10,6 +10,7 @@ import { DocxLoader } from '@langchain/community/document_loaders/fs/docx'
 import { LoadOfSheet } from '../MicrosoftExcel/ExcelLoader'
 import { PowerpointLoader } from '../MicrosoftPowerpoint/PowerpointLoader'
 import { handleEscapeCharacters } from '../../../src/utils'
+import { isPathTraversal } from '../../../src/validator'
 
 class Folder_DocumentLoaders implements INode {
     label: string
@@ -125,6 +126,14 @@ class Folder_DocumentLoaders implements INode {
         const _omitMetadataKeys = nodeData.inputs?.omitMetadataKeys as string
         const output = nodeData.outputs?.output as string
 
+        if (!folderPath) {
+            throw new Error('Folder path is required')
+        }
+
+        if (isPathTraversal(folderPath)) {
+            throw new Error('Invalid folder path: Path traversal detected. Please provide a safe folder path.')
+        }
+
         let omitMetadataKeys: string[] = []
         if (_omitMetadataKeys) {
             omitMetadataKeys = _omitMetadataKeys.split(',').map((key) => key.trim())