From 7c9ce26469d4beb1e9d407c87c7d22fa7df38116 Mon Sep 17 00:00:00 2001
From: AarDG10
Date: Mon, 20 Apr 2026 18:34:08 +0530
Subject: [PATCH] feat(utils): add util to ensure sandboxing

This util can be used in places where sandboxing is needed.
---
 frappe/core/doctype/file/utils.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/frappe/core/doctype/file/utils.py b/frappe/core/doctype/file/utils.py
index 20ad5d7253..b966df9770 100644
--- a/frappe/core/doctype/file/utils.py
+++ b/frappe/core/doctype/file/utils.py
@@ -480,3 +480,16 @@ def find_file_by_url(path: str, name: str | None = None) -> "File" | None:
 def get_safe_file_name(file_name: str) -> str:
 return re.sub(r"[/\\%?#]", "_", file_name)
+
+
+def check_path_safety(base_path: str, requested_path: str) -> bool:
+ """Util to check path safety by ensuring sandboxing and logging unsuccessful attempts"""
+ base_path = os.path.realpath(base_path)
+ requested_path = os.path.realpath(requested_path)
+ if os.path.commonpath([base_path, requested_path]) != base_path:
+ frappe.log_error(
+ title="Attempted Unauthorized File Access",
+ message=f"Blocked access to: {requested_path}",
+ )
+ return False
+ return True
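Review bot: check_path_safety returns only a bool, so a caller that afterwards opens the original `requested_path` string is not guaranteed to open the file that was checked: a relative `requested_path` is resolved by `os.path.realpath` against the process working directory rather than against `base_path`, and a symlink can change between the check and the open. The docstring should state that callers pass an already-joined path and then use its resolved form, or the helper could anchor the path itself with `requested_path = os.path.realpath(os.path.join(base_path, requested_path))`, which leaves absolute inputs unchanged. `os.path.commonpath` also raises `ValueError` for paths on different drives on Windows, which would surface as an exception instead of `False`; an `except ValueError: return False` around the comparison would keep the bool contract. The patch adds no test for the helper; cases for a `..` component, a symlink that points outside the base, and a sibling directory sharing the base's name prefix (constructed example: `/files` vs `/files_old`) would pin the behaviour.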