fix(langchain): handle NextJS catch-all route files in path validation

[saakshigupta2002]

Pull Request: Fix Path Traversal False Positive on NextJS Files

Summary

This PR fixes a bug where the path traversal detection in FilesystemFileSearchMiddleware and _validate_path incorrectly flagged legitimate files containing ... (triple dots) as path traversal attempts.

Fixes #34961

Problem

NextJS uses the [...slug].ts syntax for catch-all dynamic routes. When using LangChain's file system middleware with a NextJS project, files like [...nextauth].ts were incorrectly blocked with a "Path traversal not allowed" error.

Root Cause

The path validation logic used a simple substring check:

if ".." in path or "~" in path:
    raise ValueError("Path traversal not allowed")

This incorrectly matched any path containing .., including:

• [...nextauth].ts (NextJS catch-all route)
• spread...example.ts (file with triple dots)
• ...special/ (directory with triple dots)

Solution

Changed the substring check to a regex pattern that only matches .. as a complete path segment:

_PATH_TRAVERSAL_PATTERN = re.compile(r"(^|[/\\])\.\.([/\\]|$)")

if _PATH_TRAVERSAL_PATTERN.search(path) or "~" in path:
    raise ValueError("Path traversal not allowed")

This pattern:

• Allows: [...nextauth].ts, ...spread.ts, file...name.py
• Blocks: ../secret, /.., foo/../bar, .., ..\windows

Changes

Modified Files

1. libs/langchain_v1/langchain/agents/middleware/file_search.py

   • Added _PATH_TRAVERSAL_PATTERN regex constant
   • Updated _validate_and_resolve_path() to use regex pattern

2. libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py

   • Added re import and _PATH_TRAVERSAL_PATTERN constant
   • Updated _validate_path() to use regex pattern

New Tests

3. libs/langchain_v1/tests/unit_tests/agents/middleware/implementations/test_file_search.py

   • test_nextjs_catchall_route_files_allowed: Verifies NextJS catch-all routes work
   • test_triple_dots_in_filename_allowed: Verifies files with ... in name work
   • test_triple_dots_in_path_allowed: Verifies directories with ... work

4. libs/partners/anthropic/tests/unit_tests/middleware/test_anthropic_tools.py

   • test_nextjs_catchall_route_paths_allowed: Verifies path validation allows ...

Test Plan

• All existing path traversal security tests pass (ensures no security regression)
• New tests for NextJS-style files pass
• Verified the fix with actual NextJS file patterns

Commands to Verify

# Run file_search tests
cd libs/langchain_v1
uv run pytest tests/unit_tests/agents/middleware/implementations/test_file_search.py -v

# Run anthropic middleware tests
cd libs/partners/anthropic
uv run pytest tests/unit_tests/middleware/test_anthropic_tools.py -v

Security Considerations

• The fix maintains the existing defense-in-depth approach
• The relative_to() check still validates resolved paths are within the root directory
• Path traversal with actual .. segments (like ../, /.., foo/../bar) is still blocked
• All existing security tests continue to pass

Backward Compatibility

This is a non-breaking bug fix. The change only allows previously incorrectly blocked paths while maintaining security for actual path traversal attempts.

[codspeed-hq]

Merging this PR will not alter performance

✅ 3 untouched benchmarks
⏩ 31 skipped benchmarks¹

---

_{Comparing saakshigupta2002:fix/path-traversal-nextjs-false-positive (c53ddd6) with master (3aca3fb)}

Footnotes

1. 31 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩