Add a homeDir field in LocalFileSystem for removefile to check

src/binder/bind/bind_extension.cpp

@@ -26,7 +26,7 @@ static void bindLoadExtension(const ExtensionStatement* extensionStatement) {
     if (ExtensionUtils::isOfficialExtension(extensionStatement->getPath())) {
         return;
     }
-    auto localFileSystem = common::LocalFileSystem();
+    auto localFileSystem = common::LocalFileSystem("");
     if (!localFileSystem.fileOrPathExists(extensionStatement->getPath(),
             nullptr /* clientContext */)) {
         throw common::BinderException(

src/common/file_system/local_file_system.cpp

@@ -220,10 +220,14 @@ void LocalFileSystem::createDir(const std::string& dir) const {
             // LCOV_EXCL_STOP
         }
         auto directoryToCreate = dir;
-        if (directoryToCreate.ends_with('/')) {
+        if (directoryToCreate.ends_with('/')
+#if defined(_WIN32)
+            || directoryToCreate.ends_with('\\')
+#endif
+        ) {
             // This is a known issue with std::filesystem::create_directories. (link:
             // https://github.com/llvm/llvm-project/issues/60634). We have to manually remove the
-            // last '/' if the path ends with '/'.
+            // last '/' if the path ends with '/'. (Added the second one for windows)
             directoryToCreate = directoryToCreate.substr(0, directoryToCreate.size() - 1);
         }
         std::error_code errCode;
@@ -247,9 +251,34 @@ void LocalFileSystem::createDir(const std::string& dir) const {
     }
 }
 
+bool isSubdirectory(const std::filesystem::path& base, const std::filesystem::path& sub) {
+    try {
+        // Resolve paths to their canonical form
+        auto canonicalBase = std::filesystem::canonical(base);
+        auto canonicalSub = std::filesystem::canonical(sub);
+
+        std::string relative = std::filesystem::relative(canonicalSub, canonicalBase).string();
+        // Size check for a "." result.
+        // If the path starts with "..", it's not a subdirectory.
+        return !relative.empty() && !(relative.starts_with(".."));
+
+    } catch (const std::filesystem::filesystem_error& e) {
+        // Handle errors, e.g., if paths don't exist
+        std::cerr << "Filesystem error: " << e.what() << std::endl;
+        return false;
+    }
+
+    return false;
+}
+
 void LocalFileSystem::removeFileIfExists(const std::string& path) {
-    if (!fileOrPathExists(path))
+    if (!fileOrPathExists(path)) {
         return;
+    }
+    if (!isSubdirectory(homeDir, path)) {
+        throw IOException(stringFormat("Error: Path {} is not within the allowed home directory {}",
+            path, homeDir));
+    }
     std::error_code errCode;
     bool success = false;
     if (std::filesystem::is_directory(path)) {

src/common/file_system/virtual_file_system.cpp

@@ -8,7 +8,11 @@ namespace kuzu {
 namespace common {
 
 VirtualFileSystem::VirtualFileSystem() {
-    defaultFS = std::make_unique<LocalFileSystem>();
+    defaultFS = std::make_unique<LocalFileSystem>("");
+}
+
+VirtualFileSystem::VirtualFileSystem(std::string homeDir) {
+    defaultFS = std::make_unique<LocalFileSystem>(homeDir);
 }
 
 VirtualFileSystem::~VirtualFileSystem() = default;

src/include/common/file_system/file_system.h

@@ -36,6 +36,10 @@ class KUZU_API FileSystem {
     friend struct FileInfo;
 
 public:
+    FileSystem() = default;
+
+    explicit FileSystem(std::string homeDir) : homeDir(std::move(homeDir)) {}
+
     virtual ~FileSystem() = default;
 
     virtual std::unique_ptr<FileInfo> openFile(const std::string& path, int flags,
@@ -92,6 +96,8 @@ class KUZU_API FileSystem {
     virtual void truncate(FileInfo& fileInfo, uint64_t size) const;
 
     virtual uint64_t getFileSize(const FileInfo& fileInfo) const = 0;
+
+    std::string homeDir;
 };
 
 } // namespace common

src/include/common/file_system/local_file_system.h

@@ -27,6 +27,8 @@ struct LocalFileInfo : public FileInfo {
 
 class KUZU_API LocalFileSystem final : public FileSystem {
 public:
+    explicit LocalFileSystem(std::string homeDir) : FileSystem(std::move(homeDir)) {}
+
     std::unique_ptr<FileInfo> openFile(const std::string& path, int flags,
         main::ClientContext* context = nullptr,
         FileLockType lock_type = FileLockType::NO_LOCK) override;

src/include/common/file_system/virtual_file_system.h

@@ -20,6 +20,7 @@ class KUZU_API VirtualFileSystem final : public FileSystem {
 
 public:
     VirtualFileSystem();
+    explicit VirtualFileSystem(std::string homeDir);
 
     ~VirtualFileSystem() override;
 

src/include/storage/storage_utils.h

@@ -7,6 +7,9 @@
 #include "common/file_system/virtual_file_system.h"
 #include "common/null_mask.h"
 #include "common/types/types.h"
+#include "main/client_context.h"
+#include "main/db_config.h"
+#include "main/settings.h"
 #include "storage/db_file_id.h"
 
 namespace kuzu {
@@ -135,6 +138,23 @@ class StorageUtils {
         return vfs->joinPath(directory, common::StorageConstants::LOCK_FILE_NAME);
     }
 
+    static std::string expandPath(main::ClientContext* context, const std::string& path) {
+        if (main::DBConfig::isDBPathInMemory(path)) {
+            return path;
+        }
+        auto fullPath = path;
+        // Handle '~' for home directory expansion
+        if (path.starts_with('~')) {
+            fullPath = context->getCurrentSetting(main::HomeDirectorySetting::name)
+                           .getValue<std::string>() +
+                       fullPath.substr(1);
+        }
+        // Normalize the path to resolve '.' and '..'
+        std::filesystem::path normalizedPath =
+            std::filesystem::absolute(fullPath).lexically_normal();
+        return normalizedPath.string();
+    }
+
     // Note: This is a relatively slow function because of division and mod and making std::pair.
     // It is not meant to be used in performance critical code path.
     static std::pair<uint64_t, uint64_t> getQuotientRemainder(uint64_t i, uint64_t divisor) {

src/main/database.cpp

@@ -1,5 +1,6 @@
 #include "main/database.h"
 
+#include "main/client_context.h"
 #include "main/database_manager.h"
 #include "storage/buffer_manager/buffer_manager.h"
 
@@ -86,12 +87,14 @@ std::unique_ptr<storage::BufferManager> Database::initBufferManager(const Databa
 }
 
 void Database::initMembers(std::string_view dbPath, construct_bm_func_t initBmFunc) {
-    vfs = std::make_unique<VirtualFileSystem>();
     // To expand a path with home directory(~), we have to pass in a dummy clientContext which
     // handles the home directory expansion.
-    auto clientContext = ClientContext(this);
     const auto dbPathStr = std::string(dbPath);
-    databasePath = vfs->expandPath(&clientContext, dbPathStr);
+    auto clientContext = ClientContext(this);
+    databasePath = StorageUtils::expandPath(&clientContext, dbPathStr);
+
+    vfs = std::make_unique<VirtualFileSystem>(databasePath);
+
     initAndLockDBDir();
     bufferManager = initBmFunc(*this);
     memoryManager = std::make_unique<MemoryManager>(bufferManager.get(), vfs.get());

test/c_api/database_test.cpp

@@ -1,4 +1,8 @@
+#include <fstream>
+
 #include "c_api/kuzu.h"
+#include "common/exception/io.h"
+#include "common/file_system/virtual_file_system.h"
 #include "graph_test/api_graph_test.h"
 #include "gtest/gtest.h"
 
@@ -100,3 +104,197 @@ TEST_F(CApiDatabaseTest, CreationHomeDir) {
     std::filesystem::remove_all(homePath + "/ku_test.db");
 }
 #endif
+
+TEST_F(CApiDatabaseTest, VirtualFileSystemDeleteFiles) {
+    std::string homeDir = "/tmp/dbHome/";
+    kuzu::common::VirtualFileSystem vfs(homeDir);
+    std::filesystem::create_directories("/tmp/test1");
+    std::filesystem::create_directories("/tmp/dbHome/test1");
+
+    // Attempt to delete files outside the home directory (should error)
+    try {
+        vfs.removeFileIfExists("/tmp/test1");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path /tmp/test1 is not within the allowed "
+                               "home directory /tmp/dbHome/");
+    }
+
+    vfs.removeFileIfExists("/tmp/dbHome/test1");
+
+    ASSERT_TRUE(std::filesystem::exists("/tmp/test1"));
+    ASSERT_FALSE(std::filesystem::exists("/tmp/dbHome/test1"));
+
+    // Cleanup: Remove directories after the test
+    std::filesystem::remove_all("/tmp/test1");
+    std::filesystem::remove_all("/tmp/dbHome/test1");
+}
+
+#ifndef __WASM__ // home directory is not available in WASM
+TEST_F(CApiDatabaseTest, VirtualFileSystemDeleteFilesWithHome) {
+    std::string homeDir = "~/tmp/dbHome/";
+    kuzu::common::VirtualFileSystem vfs(homeDir);
+    std::filesystem::create_directories("~/tmp/test1");
+    std::filesystem::create_directories("~/tmp/dbHome/test1");
+
+    // Attempt to delete files outside the home directory (should error)
+    try {
+        vfs.removeFileIfExists("~/tmp/test1");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path ~/tmp/test1 is not within the allowed "
+                               "home directory ~/tmp/dbHome/");
+    }
+
+    // Attempt to delete files outside the home directory (should error)
+    try {
+        vfs.removeFileIfExists("~");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(),
+            "IO exception: Error: Path ~ is not within the allowed home directory ~/tmp/dbHome/");
+    }
+
+    vfs.removeFileIfExists("~/tmp/dbHome/test1");
+
+    ASSERT_TRUE(std::filesystem::exists("~/tmp/test1"));
+    ASSERT_FALSE(std::filesystem::exists("~/tmp/dbHome/test1"));
+
+    // Cleanup: Remove directories after the test
+    std::filesystem::remove_all("~/tmp/test1");
+    std::filesystem::remove_all("~/tmp/dbHome/test1");
+}
+#endif
+
+TEST_F(CApiDatabaseTest, VirtualFileSystemDeleteFilesEdgeCases) {
+    std::string homeDir = "/tmp/dbHome/";
+    kuzu::common::VirtualFileSystem vfs(homeDir);
+    std::filesystem::create_directories("/tmp/dbHome/../test2");
+    std::filesystem::create_directories("/tmp");
+    std::filesystem::create_directories("/tmp/dbHome/test2");
+
+    // Attempt to delete files outside the home directory (should error)
+    try {
+        vfs.removeFileIfExists("/tmp/dbHome/../test2");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path /tmp/dbHome/../test2 is not within the "
+                               "allowed home directory /tmp/dbHome/");
+    }
+
+    try {
+        vfs.removeFileIfExists("/tmp");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(),
+            "IO exception: Error: Path /tmp is not within the allowed home directory /tmp/dbHome/");
+    }
+
+    try {
+        vfs.removeFileIfExists("/tmp/");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path /tmp/ is not within the allowed home "
+                               "directory /tmp/dbHome/");
+    }
+
+    try {
+        vfs.removeFileIfExists("/tmp//////////////////");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path /tmp////////////////// is not within the "
+                               "allowed home directory /tmp/dbHome/");
+    }
+
+    try {
+        vfs.removeFileIfExists("/tmp/./.././");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path /tmp/./.././ is not within the allowed "
+                               "home directory /tmp/dbHome/");
+    }
+
+    try {
+        vfs.removeFileIfExists("/");
+    } catch (const kuzu::common::IOException& e) {
+        // Expected behavior
+        EXPECT_STREQ(e.what(),
+            "IO exception: Error: Path / is not within the allowed home directory /tmp/dbHome/");
+    }
+
+    vfs.removeFileIfExists("/tmp/dbHome/test2");
+
+    ASSERT_TRUE(std::filesystem::exists("/tmp/test2"));
+    ASSERT_FALSE(std::filesystem::exists("/tmp/dbHome/test2"));
+
+    // Cleanup: Remove directories after the test
+    std::filesystem::remove_all("/tmp/test2");
+    std::filesystem::remove_all("/tmp/dbHome/test2");
+}
+
+#if defined(_WIN32)
+TEST_F(CApiDatabaseTest, VirtualFileSystemDeleteFilesWindowsPaths) {
+    // Test Home Directory
+    std::string homeDir = "C:\\Desktop\\dir";
+    kuzu::common::VirtualFileSystem vfs(homeDir);
+
+    // Setup directories for testing
+    std::filesystem::create_directories("C:\\test1");
+    std::filesystem::create_directories("C:\\Desktop\\dir\\test1");
+
+    // Mixed separators: HomeDir uses '\' while path uses '/'
+    std::string mixedSeparatorPath = "C:\\Desktop/dir/test1";
+
+    // Attempt to delete files outside the home directory (should error)
+    try {
+        vfs.removeFileIfExists("C:\\test1");
+        FAIL() << "Expected exception for path outside home directory.";
+    } catch (const kuzu::common::IOException& e) {
+        EXPECT_STREQ(e.what(), "IO exception: Error: Path C:\\test1 is not within the allowed home "
+                               "directory C:\\Desktop\\dir");
+    }
+
+    // Attempt to delete file inside the home directory with mixed separators (should succeed)
+    try {
+        vfs.removeFileIfExists(mixedSeparatorPath);
+    } catch (const kuzu::common::IOException& e) {
+        FAIL() << "Unexpected exception when deleting files: " << e.what();
+    }
+
+    ASSERT_FALSE(std::filesystem::exists("C:\\Desktop\\dir\\test1")); // Should be deleted
+
+    // Cleanup
+    std::filesystem::remove_all("C:\\test1");
+    std::filesystem::remove_all("C:\\Desktop\\dir\\test1");
+}
+#endif
+
+TEST_F(CApiDatabaseTest, VirtualFileSystemDeleteFilesWildcardNoRemoval) {
+    // Test Home Directory
+    std::string homeDir = "/tmp/dbHome_wildcard/";
+    kuzu::common::VirtualFileSystem vfs(homeDir);
+
+    // Setup files and directories
+    std::filesystem::create_directories("/tmp/dbHome_wildcard/test1_wildcard");
+    std::filesystem::create_directories("/tmp/dbHome_wildcard/test2_wildcard");
+    std::filesystem::create_directories("/tmp/dbHome_wildcard/nested_wildcard");
+    std::ofstream("/tmp/dbHome_wildcard/nested_wildcard/file1.txt").close();
+    std::ofstream("/tmp/dbHome_wildcard/nested_wildcard/file2.test").close();
+
+    // Attempt to remove files with wildcard pattern
+    try {
+        vfs.removeFileIfExists("/tmp/dbHome_wildcard/test*");
+    } catch (const kuzu::common::IOException& e) {
+        // Verify the exception is thrown for unsupported wildcard
+        EXPECT_STREQ(e.what(), "Error: Wildcard patterns are not supported in paths.");
+    }
+
+    // Verify files and directories still exist
+    ASSERT_TRUE(std::filesystem::exists("/tmp/dbHome_wildcard/test1_wildcard"));
+    ASSERT_TRUE(std::filesystem::exists("/tmp/dbHome_wildcard/test2_wildcard"));
+    ASSERT_TRUE(std::filesystem::exists("/tmp/dbHome_wildcard/nested_wildcard/file1.txt"));
+    ASSERT_TRUE(std::filesystem::exists("/tmp/dbHome_wildcard/nested_wildcard/file2.test"));
+
+    // Cleanup
+    std::filesystem::remove_all("/tmp/dbHome_wildcard");
+}

test/test_runner/csv_converter.cpp

@@ -14,7 +14,7 @@ namespace kuzu {
 namespace testing {
 
 void CSVConverter::copySchemaFile() {
-    LocalFileSystem localFileSystem;
+    LocalFileSystem localFileSystem("");
     auto csvSchemaFile =
         localFileSystem.joinPath(csvDatasetPath, std::string(TestHelper::SCHEMA_FILE_NAME));
     auto outputSchemaFile =
@@ -173,7 +173,7 @@ void CSVConverter::convertCSVFiles() {
 }
 
 void CSVConverter::convertCSVDataset() {
-    LocalFileSystem localFileSystem;
+    LocalFileSystem localFileSystem("");
     if (!localFileSystem.fileOrPathExists(outputDatasetPath)) {
         localFileSystem.createDir(outputDatasetPath);
     }