Gradio Path Traversal Vulnerability on Windows

Vulnerability

A path traversal vulnerability has been identified in the Gradio application, specifically in the development version at git commit 67e4044. On Windows operating systems it allows unauthorized reading of files that the application has been configured to block. The issue lies in the 'blocked_paths' feature, which is meant to prevent users from reading specified files. The application correctly blocks a direct request for a blocked file, but the check does not recognize the same file when it is requested using NTFS Alternate Data Streams (ADS) syntax. As a result, a blocked file's contents can be read without authorization.

Impact

Exploitation of this vulnerability allows for the unauthorized reading of files that are meant to be blocked, bypassing the application's file access restrictions.

Reproduction

To reproduce this vulnerability, first create a Gradio application that is configured to block access to a specific file, such as 'C:/tmp/secret.txt', and ensure that the file exists at that location. When the application is launched with the 'blocked_paths' parameter set to the path of the file, a direct request for the file is correctly denied with a message indicating that the file is not allowed. However, if the same file is requested using NTFS ADS syntax, the application fails to block the request and instead returns the full content of the file. This demonstrates that the intended file access controls can be bypassed.
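The root cause described above is a comparison that looks at the requested path as written rather than at the file it actually names. The following added example (not Gradio's code, and not taken from the advisory) shows a naive exact-match check beside a hardened one that canonicalises both sides before comparing: it collapses '..' segments, unifies separators and case, strips any ADS suffix from every path component, and treats a blocked directory as covering everything beneath it. It uses the ntpath module so the Windows path logic runs on any OS; APP_ROOT is a hypothetical application root assumed for relative requests, and the blocked path is the one from the reproduction steps.

```python
import ntpath

# Hypothetical application root used to resolve relative requests; the advisory
# only uses absolute paths, so this is an assumption of the example.
APP_ROOT = "C:\\app"


def canonical_windows_path(path: str) -> str:
    """Reduce a Windows path to a canonical form for comparison.

    Uses ntpath so the logic runs on any OS: collapses '.' and '..', unifies
    separators, folds case, and strips an NTFS alternate data stream suffix
    (':stream' or ':stream:$TYPE') from every path component after the drive.
    """
    if not ntpath.isabs(path):
        path = ntpath.join(APP_ROOT, path)
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    # Within a component, everything from the first ':' onward names a stream,
    # never a different file, so it must not affect the comparison.
    parts = [component.split(":", 1)[0] for component in rest.split(ntpath.sep)]
    return ntpath.normcase(drive + ntpath.sep.join(parts))


def naive_is_blocked(requested: str, blocked_paths: list[str]) -> bool:
    """Exact-match check with no ADS handling: the kind of comparison the
    advisory describes as bypassable."""
    req = ntpath.normcase(ntpath.normpath(requested))
    return any(req == ntpath.normcase(ntpath.normpath(b)) for b in blocked_paths)


def is_blocked(requested: str, blocked_paths: list[str]) -> bool:
    """Hardened check: canonicalise both sides (ADS stripped) and treat a
    blocked directory as covering every path beneath it."""
    req = canonical_windows_path(requested)
    for blocked in blocked_paths:
        blocked_canon = canonical_windows_path(blocked)
        try:
            if ntpath.commonpath([req, blocked_canon]) == blocked_canon:
                return True
        except ValueError:
            # commonpath raises when the drives differ; a path on another
            # drive cannot lie inside the blocked location.
            continue
    return False


if __name__ == "__main__":
    blocked = ["C:/tmp/secret.txt"]
    for request in ["C:/tmp/secret.txt", "C:/tmp/secret.txt::$DATA", "C:/tmp/other.txt"]:
        print(f"{request:28} naive={naive_is_blocked(request, blocked)!s:5} "
              f"hardened={is_blocked(request, blocked)}")
```

String canonicalisation is only the first layer: a production check should additionally resolve the candidate on the real filesystem (junctions, symbolic links and NTFS 8.3 short names can all name the same file under a different string) and compare the resolved path against the resolved blocked entries.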

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          4.5
  impact          0.6
  exploitability  9.1
  remediation     0.0
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.