jupyter · brichet · Apr 17, 2026 · Jan 9, 2026 · Feb 27, 2026 · Feb 27, 2026
diff --git a/nbgrader/server_extensions/validate_assignment/handlers.py b/nbgrader/server_extensions/validate_assignment/handlers.py
@@ -6,6 +6,7 @@
 
 from tornado import web
 from textwrap import dedent
+from pathlib import Path
 
 from jupyter_server.utils import url_path_join as ujoin
 from jupyter_server.base.handlers import JupyterHandler
@@ -38,8 +39,12 @@ def load_config(self):
         return app.config
 
     def validate_notebook(self, path):
-        fullpath = os.path.join(self.root_dir, path)
-
+        root = Path(self.root_dir).resolve()
+        target = (root / path).resolve()
+        if not target.is_relative_to(root):
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+        fullpath = str(target)
+
-        root = Path(self.root_dir).resolve()
-        target = (root / path).resolve()
-        if not target.is_relative_to(root):
-            raise web.HTTPError(403, "Access denied: path outside allowed directory")
-        fullpath = str(target)
-        
+        # Basic validation of the incoming path
+        if not isinstance(path, str):
+            raise web.HTTPError(400, "Invalid path type")
+        if not path:
+            raise web.HTTPError(400, "Missing path")
+        if "\x00" in path:
+            # Explicitly reject paths containing null bytes
+            raise web.HTTPError(400, "Invalid path")
+
+        root = Path(self.root_dir).resolve()
+        try:
+            target = (root / path).resolve()
+        except (TypeError, ValueError):
+            # Catch invalid or malformed paths before they reach the validator
+            raise web.HTTPError(400, "Invalid path")
+
+        root_str = os.fspath(root)
+        target_str = os.fspath(target)
+        try:
+            common = os.path.commonpath([root_str, target_str])
+        except ValueError:
+            # On Windows, commonpath raises ValueError for different drives
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+
+        if common != root_str:
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+
+        fullpath = target_str
-        root = Path(self.root_dir).resolve()
-        target = (root / path).resolve()
-        if not target.is_relative_to(root):
-            raise web.HTTPError(403, "Access denied: path outside allowed directory")
-        fullpath = str(target)
-        
+        # Basic validation of the incoming path
+        if not isinstance(path, str):
+            raise web.HTTPError(400, "Invalid path type")
+        if not path:
+            raise web.HTTPError(400, "Missing path")
+        if "\x00" in path:
+            # Explicitly reject paths containing null bytes
+            raise web.HTTPError(400, "Invalid path")
+
+        root = Path(self.root_dir).resolve()
+        try:
+            target = (root / path).resolve()
+        except (TypeError, ValueError):
+            # Catch invalid or malformed paths before they reach the validator
+            raise web.HTTPError(400, "Invalid path")
+
+        root_str = os.fspath(root)
+        target_str = os.fspath(target)
+        try:
+            common = os.path.commonpath([root_str, target_str])
+        except ValueError:
+            # On Windows, commonpath raises ValueError for different drives
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+
+        if common != root_str:
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+
+        fullpath = target_str
         try:
             config = self.load_config()
             validator = Validator(config=config)
@@ -144,4 +149,4 @@ def load_jupyter_server_extension(nbapp):
     webapp.add_handlers(".*$", [
         (ujoin(base_url, pat), handler)
         for pat, handler in default_handlers
-    ])
+    ])