fix(webapp): validate packet storage paths against traversal

Ekaterina Bulatova · Ekaterina Bulatova · commit cd5487eba31f · 2026-06-04T13:44:53.000+02:00
Packet-relative paths were used to construct object-store keys and
presigned URLs without validation. Crafted paths containing traversal
segments could escape the intended `packets/{projectRef}/{envSlug}/` prefix.

Add `assertSafePacketRelativePath`, which rejects empty paths, leading
`/`, backslashes, and empty/`.`/`..` path segments.

Validation is enforced for:
- packet uploads
- packet downloads
- packet presign requests

Valid paths such as `run_123/payload.json` are unaffected.

Adds unit tests covering path validation and presign behavior.
diff --git a/.server-changes/validate-packet-storage-paths.md b/.server-changes/validate-packet-storage-paths.md
@@ -0,0 +1,6 @@
+---
+area: webapp
+type: fix
+---
+
+Validate packet-relative storage paths before building object-store keys or presigned URLs. Rejects path traversal (`..`), absolute paths, backslashes, and empty segments to prevent escaping a project/environment's packet prefix. Applied in `uploadPacketToObjectStore`, `downloadPacketFromObjectStore`, and `generatePresignedRequest`.
diff --git a/apps/webapp/app/routes/api.v1.packets.$.ts b/apps/webapp/app/routes/api.v1.packets.$.ts
@@ -3,7 +3,7 @@ import { json } from "@remix-run/server-runtime";
 import { z } from "zod";
 import { authenticateApiRequest } from "~/services/apiAuth.server";
 import { createLoaderApiRoute } from "~/services/routeBuilders/apiBuilder.server";
-import { generatePresignedUrl } from "~/v3/objectStore.server";
+import { generatePresignedUrl, jsonPacketPresignFailure } from "~/v3/objectStore.server";
 
 const ParamsSchema = z.object({
   "*": z.string(),
@@ -34,7 +34,7 @@ export async function action({ request, params }: ActionFunctionArgs) {
   );
 
   if (!signed.success) {
-    return json({ error: `Failed to generate presigned URL: ${signed.error}` }, { status: 500 });
+    return jsonPacketPresignFailure(signed);
   }
 
   // Caller can now use this URL to upload to that object.
@@ -59,7 +59,7 @@ export const loader = createLoaderApiRoute(
     );
 
     if (!signed.success) {
-      return json({ error: `Failed to generate presigned URL: ${signed.error}` }, { status: 500 });
+      return jsonPacketPresignFailure(signed);
     }
 
     // Caller can now use this URL to fetch that object.
diff --git a/apps/webapp/app/routes/api.v2.packets.$.ts b/apps/webapp/app/routes/api.v2.packets.$.ts
@@ -2,7 +2,7 @@ import type { ActionFunctionArgs } from "@remix-run/server-runtime";
 import { json } from "@remix-run/server-runtime";
 import { z } from "zod";
 import { authenticateApiRequest } from "~/services/apiAuth.server";
-import { generatePresignedUrl } from "~/v3/objectStore.server";
+import { generatePresignedUrl, jsonPacketPresignFailure } from "~/v3/objectStore.server";
 
 const ParamsSchema = z.object({
   "*": z.string(),
@@ -34,7 +34,7 @@ export async function action({ request, params }: ActionFunctionArgs) {
   );
 
   if (!signed.success) {
-    return json({ error: `Failed to generate presigned URL: ${signed.error}` }, { status: 500 });
+    return jsonPacketPresignFailure(signed);
   }
 
   if (signed.storagePath === undefined) {
diff --git a/apps/webapp/app/v3/objectStore.server.ts b/apps/webapp/app/v3/objectStore.server.ts
@@ -1,7 +1,9 @@
+import { json } from "@remix-run/server-runtime";
 import { type IOPacket } from "@trigger.dev/core/v3";
 import { env } from "~/env.server";
 import { type AuthenticatedEnvironment } from "~/services/apiAuth.server";
 import { logger } from "~/services/logger.server";
+import { ServiceValidationError } from "~/v3/services/common.server";
 import { singleton } from "~/utils/singleton";
 import { ObjectStoreClient, type ObjectStoreClientConfig } from "./objectStoreClient.server";
 
@@ -47,6 +49,40 @@ export function formatStorageUri(path: string, protocol?: string): string {
   return path;
 }
 
+export const INVALID_PACKET_STORAGE_PATH = "Invalid packet storage path";
+
+export type PacketPresignFailure = {
+  success: false;
+  error: string;
+  status?: number;
+};
+
+/**
+ * Reject path traversal and other unsafe packet-relative storage paths before
+ * building object-store keys or presigned URLs.
+ */
+export function assertSafePacketRelativePath(path: string): void {
+  if (!path || path.includes("\\") || path.startsWith("/")) {
+    throw new ServiceValidationError(INVALID_PACKET_STORAGE_PATH, 400);
+  }
+
+  for (const segment of path.split("/")) {
+    if (segment === "" || segment === "." || segment === "..") {
+      throw new ServiceValidationError(INVALID_PACKET_STORAGE_PATH, 400);
+    }
+  }
+}
+
+/** JSON response for packet presign failures (400 client error vs 500 internal). */
+export function jsonPacketPresignFailure(failure: PacketPresignFailure) {
+  const status = failure.status ?? 500;
+  if (status === 400) {
+    return json({ error: failure.error }, { status: 400 });
+  }
+
+  return json({ error: `Failed to generate presigned URL: ${failure.error}` }, { status: 500 });
+}
+
 /**
  * Get object storage configuration for a given protocol.
  * Returns a config if baseUrl is set, even without explicit credentials —
@@ -134,6 +170,9 @@ export async function uploadPacketToObjectStore(
     throw new Error(`Object store is not configured for protocol: ${protocol || "default"}`);
   }
 
+  const { path } = parseStorageUri(filename);
+  assertSafePacketRelativePath(path);
+
   const key = `packets/${environment.project.externalRef}/${environment.slug}/${filename}`;
 
   logger.debug("Uploading to object store", { key, protocol: protocol || "default" });
@@ -162,6 +201,8 @@ export async function downloadPacketFromObjectStore(
   }
 
   const { protocol, path } = parseStorageUri(packet.data);
+  assertSafePacketRelativePath(path);
+
   const client = getObjectStoreClient(protocol);
 
   if (!client) {
@@ -220,10 +261,7 @@ export async function generatePresignedRequest(
   method: "PUT" | "GET" = "PUT",
   options?: GeneratePacketPresignOptions
 ): Promise<
-  | {
-      success: false;
-      error: string;
-    }
+  | PacketPresignFailure
   | {
       success: true;
       request: Request;
@@ -237,6 +275,20 @@ export async function generatePresignedRequest(
     options?.forceNoPrefix
   );
 
+  try {
+    assertSafePacketRelativePath(path);
+  } catch (error) {
+    if (error instanceof ServiceValidationError) {
+      return {
+        success: false,
+        error: error.message,
+        status: error.status ?? 400,
+      };
+    }
+
+    throw error;
+  }
+
   const config = getObjectStoreConfig(storeProtocol);
   if (!config?.baseUrl) {
     return {
@@ -289,23 +341,14 @@ export async function generatePresignedUrl(
   filename: string,
   method: "PUT" | "GET" = "PUT",
   options?: GeneratePacketPresignOptions
-): Promise<
-  | {
-      success: false;
-      error: string;
-    }
-  | {
-      success: true;
-      url: string;
-      storagePath?: string;
-    }
-> {
+): Promise<PacketPresignFailure | { success: true; url: string; storagePath?: string }> {
   const signed = await generatePresignedRequest(projectRef, envSlug, filename, method, options);
 
   if (!signed.success) {
     return {
       success: false,
       error: signed.error,
+      status: signed.status,
     };
   }
 
diff --git a/apps/webapp/test/objectStore.test.ts b/apps/webapp/test/objectStore.test.ts
@@ -4,12 +4,16 @@ import { type PrismaClient } from "@trigger.dev/database";
 import { afterAll, describe, expect, it, vi } from "vitest";
 import { env } from "~/env.server";
 import { processWaitpointCompletionPacket } from "~/runEngine/concerns/waitpointCompletionPacket.server";
+import { ServiceValidationError } from "~/v3/services/common.server";
 import {
+  assertSafePacketRelativePath,
   downloadPacketFromObjectStore,
   formatStorageUri,
   generatePresignedRequest,
   generatePresignedUrl,
   hasObjectStoreClient,
+  INVALID_PACKET_STORAGE_PATH,
+  jsonPacketPresignFailure,
   parseStorageUri,
   resolveStoreProtocolForPacketPresign,
   uploadPacketToObjectStore,
@@ -106,6 +110,87 @@ describe("Object Storage", () => {
     });
   });
 
+  describe("assertSafePacketRelativePath", () => {
+    it.each([
+      "../file.json",
+      "../../other-env/file.json",
+      "foo/../bar.json",
+      "/absolute/path.json",
+      "foo//bar.json",
+      "foo\\bar.json",
+      ".",
+      "..",
+    ])("rejects unsafe path %s with 400 ServiceValidationError", (path) => {
+      try {
+        assertSafePacketRelativePath(path);
+        expect.unreachable("expected path validation to throw");
+      } catch (error) {
+        expect(error).toBeInstanceOf(ServiceValidationError);
+        expect((error as ServiceValidationError).message).toBe(INVALID_PACKET_STORAGE_PATH);
+        expect((error as ServiceValidationError).status).toBe(400);
+      }
+    });
+
+    it("allows normal packet paths", () => {
+      expect(() => assertSafePacketRelativePath("run_123/payload.json")).not.toThrow();
+    });
+
+    it("rejects traversal in protocol-prefixed storage URIs", () => {
+      expect(() => assertSafePacketRelativePath(parseStorageUri("s3://../evil.json").path)).toThrow(
+        ServiceValidationError
+      );
+    });
+  });
+
+  describe("jsonPacketPresignFailure", () => {
+    it("returns 400 for invalid packet path validation failures", async () => {
+      const response = jsonPacketPresignFailure({
+        success: false,
+        error: INVALID_PACKET_STORAGE_PATH,
+        status: 400,
+      });
+      expect(response.status).toBe(400);
+      expect(await response.json()).toEqual({ error: INVALID_PACKET_STORAGE_PATH });
+    });
+
+    it("returns 500 for other presign failures", async () => {
+      const response = jsonPacketPresignFailure({
+        success: false,
+        error: "Object store is not configured for protocol: default",
+      });
+      expect(response.status).toBe(500);
+      expect(await response.json()).toEqual({
+        error: "Failed to generate presigned URL: Object store is not configured for protocol: default",
+      });
+    });
+  });
+
+  describe("generatePresignedUrl path validation", () => {
+    it.each(["../file.json", "../../other-env/file.json", "foo/../bar.json", "/absolute/path.json"])(
+      "returns 400 failure for unsafe path %s without calling object store",
+      async (filename) => {
+        const result = await generatePresignedUrl("proj_test", "dev", filename, "PUT");
+        expect(result.success).toBe(false);
+        if (result.success) throw new Error("expected presign to fail");
+        expect(result.error).toBe(INVALID_PACKET_STORAGE_PATH);
+        expect(result.status).toBe(400);
+      }
+    );
+
+    it("allows presign for valid packet paths when object store is not configured", async () => {
+      env.OBJECT_STORE_BASE_URL = undefined;
+      env.OBJECT_STORE_ACCESS_KEY_ID = undefined;
+      env.OBJECT_STORE_SECRET_ACCESS_KEY = undefined;
+      env.OBJECT_STORE_DEFAULT_PROTOCOL = undefined;
+
+      const result = await generatePresignedUrl("proj_test", "dev", "run_123/payload.json", "PUT");
+      expect(result.success).toBe(false);
+      if (result.success) throw new Error("expected presign to fail");
+      expect(result.error).toContain("Object store is not configured");
+      expect(result.status).toBeUndefined();
+    });
+  });
+
   describe("resolveStoreProtocolForPacketPresign", () => {
     afterEach(() => {
       env.OBJECT_STORE_DEFAULT_PROTOCOL = originalEnvObj.OBJECT_STORE_DEFAULT_PROTOCOL;
