fix(core): Set default for allowed file access dirs

ivov · ivov · commit 6e6ba2c8b893 · 2025-11-25T17:48:15.000+01:00
diff --git a/packages/@n8n/config/src/configs/security.config.ts b/packages/@n8n/config/src/configs/security.config.ts
@@ -3,18 +3,19 @@ import { Config, Env } from '../decorators';
 @Config
 export class SecurityConfig {
 	/**
-	 * Which directories to limit n8n's access to. Separate multiple dirs with semicolon `;`.
+	 * Dirs that the `ReadWriteFile` and `ReadBinaryFiles` nodes are allowed to access. Separate multiple dirs with semicolon `;`.
+	 * Set to an empty string to disable restrictions (insecure, not recommended for production).
 	 *
-	 * @example N8N_RESTRICT_FILE_ACCESS_TO=/home/user/.n8n;/home/user/n8n-data
+	 * @example N8N_RESTRICT_FILE_ACCESS_TO=/home/john/my-n8n-files
 	 */
 	@Env('N8N_RESTRICT_FILE_ACCESS_TO')
-	restrictFileAccessTo: string = '';
+	restrictFileAccessTo: string = '~/.n8n-files';
 
 	/**
-	 * Whether to block access to all files at:
-	 * - the ".n8n" directory,
-	 * - the static cache dir at ~/.cache/n8n/public, and
-	 * - user-defined config files.
+	 * Whether to block nodes from accessing files at dirs internally used by n8n:
+	 * - `~/.n8n`
+	 * - `~/.cache/n8n/public`
+	 * - any dirs specified by `N8N_CONFIG_FILES`, `N8N_CUSTOM_EXTENSIONS`, `N8N_BINARY_DATA_STORAGE_PATH`, `N8N_UM_EMAIL_TEMPLATES_INVITE`, and `UM_EMAIL_TEMPLATES_PWRESET`.
 	 */
 	@Env('N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES')
 	blockFileAccessToN8nFiles: boolean = true;
diff --git a/packages/@n8n/config/test/config.test.ts b/packages/@n8n/config/test/config.test.ts
@@ -317,7 +317,7 @@ describe('GlobalConfig', () => {
 			cert: '',
 		},
 		security: {
-			restrictFileAccessTo: '',
+			restrictFileAccessTo: '~/.n8n-files',
 			blockFileAccessToN8nFiles: true,
 			daysAbandonedWorkflow: 90,
 			contentSecurityPolicy: '{}',
diff --git a/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts b/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts
@@ -1,3 +1,4 @@
+import { SecurityConfig } from '@n8n/config';
 import { Container } from '@n8n/di';
 import type { INode } from 'n8n-workflow';
 import { createReadStream } from 'node:fs';
@@ -9,7 +10,6 @@ import {
 	BLOCK_FILE_ACCESS_TO_N8N_FILES,
 	CONFIG_FILES,
 	CUSTOM_EXTENSION_ENV,
-	RESTRICT_FILE_ACCESS_TO,
 	UM_EMAIL_TEMPLATES_INVITE,
 	UM_EMAIL_TEMPLATES_PWRESET,
 } from '@/constants';
@@ -23,6 +23,7 @@ jest.mock('node:fs/promises');
 const originalProcessEnv = { ...process.env };
 
 let instanceSettings: InstanceSettings;
+let securityConfig: SecurityConfig;
 beforeEach(() => {
 	process.env = { ...originalProcessEnv };
 
@@ -33,6 +34,8 @@ beforeEach(() => {
 	(fsRealpath as jest.Mock).mockImplementation((path: string) => path);
 
 	instanceSettings = Container.get(InstanceSettings);
+	securityConfig = Container.get(SecurityConfig);
+	securityConfig.restrictFileAccessTo = '';
 });
 
 describe('isFilePathBlocked', () => {
@@ -51,25 +54,25 @@ describe('isFilePathBlocked', () => {
 	});
 
 	it('should handle empty allowed paths', async () => {
-		delete process.env[RESTRICT_FILE_ACCESS_TO];
+		securityConfig.restrictFileAccessTo = '';
 		const result = await isFilePathBlocked('/some/random/path');
 		expect(result).toBe(false);
 	});
 
 	it('should handle multiple allowed paths', async () => {
-		process.env[RESTRICT_FILE_ACCESS_TO] = '/path1;/path2;/path3';
+		securityConfig.restrictFileAccessTo = '/path1;/path2;/path3';
 		const allowedPath = '/path2/somefile';
 		expect(await isFilePathBlocked(allowedPath)).toBe(false);
 	});
 
 	it('should handle empty strings in allowed paths', async () => {
-		process.env[RESTRICT_FILE_ACCESS_TO] = '/path1;;/path2';
+		securityConfig.restrictFileAccessTo = '/path1;;/path2';
 		const allowedPath = '/path2/somefile';
 		expect(await isFilePathBlocked(allowedPath)).toBe(false);
 	});
 
 	it('should trim whitespace in allowed paths', async () => {
-		process.env[RESTRICT_FILE_ACCESS_TO] = ' /path1 ; /path2 ; /path3 ';
+		securityConfig.restrictFileAccessTo = ' /path1 ; /path2 ; /path3 ';
 		const allowedPath = '/path2/somefile';
 		expect(await isFilePathBlocked(allowedPath)).toBe(false);
 	});
@@ -81,14 +84,14 @@ describe('isFilePathBlocked', () => {
 	});
 
 	it('should return true when path is in allowed paths but still restricted', async () => {
-		process.env[RESTRICT_FILE_ACCESS_TO] = '/some/allowed/path';
+		securityConfig.restrictFileAccessTo = '/some/allowed/path';
 		const restrictedPath = instanceSettings.n8nFolder;
 		expect(await isFilePathBlocked(restrictedPath)).toBe(true);
 	});
 
 	it('should return false when path is in allowed paths', async () => {
 		const allowedPath = '/some/allowed/path';
-		process.env[RESTRICT_FILE_ACCESS_TO] = allowedPath;
+		securityConfig.restrictFileAccessTo = allowedPath;
 		expect(await isFilePathBlocked(allowedPath)).toBe(false);
 	});
 
@@ -125,7 +128,7 @@ describe('isFilePathBlocked', () => {
 		const homeVarName = process.platform === 'win32' ? 'USERPROFILE' : 'HOME';
 		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();
 
-		process.env[RESTRICT_FILE_ACCESS_TO] = userHome;
+		securityConfig.restrictFileAccessTo = userHome;
 		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';
 		const restrictedPath = instanceSettings.n8nFolder;
 		expect(await isFilePathBlocked(restrictedPath)).toBe(true);
@@ -135,7 +138,7 @@ describe('isFilePathBlocked', () => {
 		const homeVarName = process.platform === 'win32' ? 'USERPROFILE' : 'HOME';
 		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();
 
-		process.env[RESTRICT_FILE_ACCESS_TO] = userHome;
+		securityConfig.restrictFileAccessTo = userHome;
 		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';
 		const restrictedPath = join(userHome, 'somefile.txt');
 		expect(await isFilePathBlocked(restrictedPath)).toBe(false);
@@ -145,14 +148,14 @@ describe('isFilePathBlocked', () => {
 		const homeVarName = process.platform === 'win32' ? 'USERPROFILE' : 'HOME';
 		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();
 
-		process.env[RESTRICT_FILE_ACCESS_TO] = userHome;
+		securityConfig.restrictFileAccessTo = userHome;
 		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';
 		const restrictedPath = join(userHome, '.n8n_x');
 		expect(await isFilePathBlocked(restrictedPath)).toBe(false);
 	});
 
 	it('should return true for a symlink in a allowed path to a restricted path', async () => {
-		process.env[RESTRICT_FILE_ACCESS_TO] = '/path1';
+		securityConfig.restrictFileAccessTo = '/path1';
 		const allowedPath = '/path1/symlink';
 		const actualPath = '/path2/realfile';
 		(fsRealpath as jest.Mock).mockImplementation((path: string) =>
@@ -173,7 +176,7 @@ describe('isFilePathBlocked', () => {
 	it('should handle non-existent file when it is not allowed', async () => {
 		const filePath = '/non/existent/file';
 		const allowedPath = '/some/allowed/path';
-		process.env[RESTRICT_FILE_ACCESS_TO] = allowedPath;
+		securityConfig.restrictFileAccessTo = allowedPath;
 		const error = new Error('ENOENT');
 		// @ts-expect-error undefined property
 		error.code = 'ENOENT';
@@ -216,15 +219,15 @@ describe('getFileSystemHelperFunctions', () => {
 		});
 
 		it('should throw when file access is blocked', async () => {
-			process.env[RESTRICT_FILE_ACCESS_TO] = '/allowed/path';
+			securityConfig.restrictFileAccessTo = '/allowed/path';
 			(fsAccess as jest.Mock).mockResolvedValueOnce({});
 			await expect(helperFunctions.createReadStream('/blocked/path')).rejects.toThrow(
 				'Access to the file is not allowed',
 			);
 		});
 
 		it('should not reveal if file exists if it is within restricted path', async () => {
-			process.env[RESTRICT_FILE_ACCESS_TO] = '/allowed/path';
+			securityConfig.restrictFileAccessTo = '/allowed/path';
 
 			const error = new Error('ENOENT');
 			// @ts-expect-error undefined property
diff --git a/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts b/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts
@@ -1,4 +1,5 @@
 import { isContainedWithin, safeJoinPath } from '@n8n/backend-common';
+import { SecurityConfig } from '@n8n/config';
 import { Container } from '@n8n/di';
 import type { FileSystemHelperFunctions, INode } from 'n8n-workflow';
 import { NodeOperationError } from 'n8n-workflow';
@@ -8,28 +9,29 @@ import {
 	writeFile as fsWriteFile,
 	realpath as fsRealpath,
 } from 'node:fs/promises';
+import { homedir } from 'node:os';
 import { resolve } from 'node:path';
 
 import {
 	BINARY_DATA_STORAGE_PATH,
 	BLOCK_FILE_ACCESS_TO_N8N_FILES,
 	CONFIG_FILES,
 	CUSTOM_EXTENSION_ENV,
-	RESTRICT_FILE_ACCESS_TO,
 	UM_EMAIL_TEMPLATES_INVITE,
 	UM_EMAIL_TEMPLATES_PWRESET,
 } from '@/constants';
 import { InstanceSettings } from '@/instance-settings';
 
 const getAllowedPaths = () => {
-	const restrictFileAccessTo = process.env[RESTRICT_FILE_ACCESS_TO];
-	if (!restrictFileAccessTo) {
-		return [];
-	}
+	const { restrictFileAccessTo } = Container.get(SecurityConfig);
+	if (restrictFileAccessTo === '') return [];
+
 	const allowedPaths = restrictFileAccessTo
 		.split(';')
 		.map((path) => path.trim())
-		.filter((path) => path);
+		.filter((path) => path)
+		.map((path) => (path.startsWith('~') ? path.replace('~', homedir()) : path));
+
 	return allowedPaths;
 };
 
