From 40a95e5f39d3f167bebf9232da9fab64818ba97d Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Sun, 26 Nov 2023 00:09:07 +0100
Subject: [PATCH] avoid unhandled error on some invalid paths (#1369)

---
 jupyter_server/services/contents/fileio.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/jupyter_server/services/contents/fileio.py b/jupyter_server/services/contents/fileio.py
index 45607944ce..19f84f4653 100644
--- a/jupyter_server/services/contents/fileio.py
+++ b/jupyter_server/services/contents/fileio.py
@@ -270,6 +270,17 @@ def _get_os_path(self, path):
         if os.path.splitdrive(path)[0]:
             raise HTTPError(404, "%s is not a relative API path" % path)
         os_path = to_os_path(ApiPath(path), root)
+        # validate os path
+        # e.g. "foo\0" raises ValueError: embedded null byte
+        try:
+            os.lstat(os_path)
+        except OSError:
+            # OSError could be FileNotFound, PermissionError, etc.
+            # those should raise (or not) elsewhere
+            pass
+        except ValueError:
+            raise HTTPError(404, f"{path} is not a valid path") from None
+
         if not (os.path.abspath(os_path) + os.path.sep).startswith(root):
             raise HTTPError(404, "%s is outside root contents directory" % path)
         return os_path