fix: allow absolute folder paths in Docker via FLOWISE_ALLOWED_FOLDER_PATHS

[deepak0x]

Closes #5958

Problem

The isPathTraversal() validator blocks all absolute Unix paths (regex /^\//). This makes the Folder with Files document loader unusable in Docker, where users mount volumes at paths like /data/documents.

The existing escape hatch PATH_TRAVERSAL_SAFETY=false disables all traversal safety — too broad for operators who only want to allow specific mount points.

Fix

A new FLOWISE_ALLOWED_FOLDER_PATHS env var accepts a comma-separated list of trusted absolute base paths:

FLOWISE_ALLOWED_FOLDER_PATHS=/data/documents,/mnt/shared

Absolute Unix paths that fall within one of those base directories pass through isPathTraversal() without triggering the block. All other checks (../ traversal, percent-encoded chars, UNC/Windows paths, null bytes) remain fully enforced.

What's unchanged

• Default behaviour is identical — absolute paths are still blocked unless FLOWISE_ALLOWED_FOLDER_PATHS is set
• PATH_TRAVERSAL_SAFETY=false still disables all checks (existing escape hatch preserved)
• ../ and encoded traversal through an allowed path (/data/docs/../../../etc) is still caught

Files changed

• packages/components/src/validator.ts — getAllowedFolderPaths() helper + updated isPathTraversal()
• packages/components/src/validator.test.ts — 8 new test cases
• docker/.env.example + packages/server/.env.example — documented the new var next to PATH_TRAVERSAL_SAFETY

[gemini-code-assist]

Code Review

This pull request introduces the FLOWISE_ALLOWED_FOLDER_PATHS environment variable, allowing users to specify absolute Unix paths that should bypass path traversal checks. This provides a more granular security configuration compared to disabling traversal safety entirely. The changes include updates to the validator logic, environment variable examples, and comprehensive test cases. Feedback was provided regarding a potential logic failure when the root directory is allowed and the efficiency of parsing environment variables on every request, suggesting a caching mechanism.

[gemini-code-assist]

The current logic for checking subdirectories fails when the allowed path is the root directory (/). If allowed is /, allowed + path.sep becomes // (on Unix), and normalizedInput.startsWith('//') will be false for standard absolute paths like /etc/passwd. A more robust check for the root path is needed.

const isExplicitlyAllowed = allowedPaths.some((allowed) => {
    if (normalizedInput === allowed) return true
    const prefix = allowed === path.sep ? allowed : allowed + path.sep
    return normalizedInput.startsWith(prefix)
})

[gemini-code-assist]

The getAllowedFolderPaths function is called every time isPathTraversal encounters an absolute path. Since environment variables are typically static during the application's lifecycle, parsing the string, splitting, and normalizing paths on every call is inefficient. Consider caching the result.

const getAllowedFolderPaths = (() => {
    let cache: { raw: string | undefined; paths: string[] } | null = null
    return (): string[] => {
        const raw = process.env.FLOWISE_ALLOWED_FOLDER_PATHS
        if (cache && cache.raw === raw) return cache.paths
        const paths = (raw || '')
            .split(',')
            .map((p) => p.trim())
            .filter((p) => p !== '' && path.isAbsolute(p))
            .map((p) => {
                const normalized = path.normalize(p)
                return normalized.length > 1 && normalized.endsWith(path.sep) ? normalized.slice(0, -1) : normalized
            })
        cache = { raw, paths }
        return paths
    }
})()

[deepak0x]

@HenryHengZJ ready for review.