| 🚨 Absolute path not allowed: [path] | 9 | 💡 Use a relative path from your source directory instead of an absolute path |
| 🚨 Cannot remove root directory: [path] | 9 | 💡 SSI will never remove the filesystem root — check your deploy path configuration |
| 🚨 Deploy directory is a symlink: [path]<br>SECURITY: SSI will not deploy to symlinked directories<br>💡 Use a real directory path, not a symlink<br>This prevents attackers from tricking SSI into writing to unintended locations | 9 | 💡 If you use atomic deployment, the symlink should point to the deployment, not be the deploy directory itself |
| 🚨 Path is empty or resolves to the current directory: [path] | 9 | 💡 Provide a non-empty relative path — empty strings and bare '.' paths collapse to the current directory |
| 🚨 External path access denied: [path]<br>💡 Use --allow-external-paths for [source] if you understand the risks | 9 | 💡 External paths require both a config option on the step AND a CLI flag for safety |
| 🚨 Step [step] ([emoji]): Missing required CLI flag for external path in '[field]' field: [path]<br>💡 Step [step] has options = ["allow-external-paths"] but CLI flag is missing<br>Add to command: --allow-external-paths<br>⚠️ Dual-flag security: BOTH the config option AND CLI flag are required | 9 | 💡 The config option is already set — add --allow-external-paths to your command to complete the dual-flag requirement |
| 🚨 Step [step] ([emoji]): Missing required config option for external path in '[field]' field: [path]<br>💡 CLI flag --allow-external-paths provided but step [step] lacks the option<br>Add to step [step]: options = ["allow-external-paths"]<br>⚠️ Dual-flag security: BOTH the config option AND CLI flag are required | 9 | 💡 The CLI flag is set — add options = ["allow-external-paths"] to the step in ssi-config.toml |
| 🚨 Step [step] ([emoji]): Absolute path not allowed in '[field]' field: [path]<br>💡 External paths require BOTH config option AND CLI flag<br>Add to step [step]: options = ["allow-external-paths"]<br>Add to command: --allow-external-paths<br>⚠️ Security: This allows the step to access files outside your site directory | 9 | 💡 The dual-flag design ensures external path access is always an intentional, explicit choice |
| 🚨 External path [path] found in [emoji] ([path hint])<br>⚠️ This file is outside the site root directory<br>💡 Use --allow-external-paths flag and add 'allow-external-paths' to options to allow external files | 9 | 💡 External paths require both a config option on the step AND a CLI flag for safety |
| 🚨 File source '[source]' has 'allow-external-paths' in options<br>⚠️ Security-sensitive: allowing external paths for [source] means symlinks can escape source directory<br>💡 You must ALSO provide --allow-external-paths CLI flag for source '[source]'<br>Dual-flag requirement for [source] prevents accidental security vulnerabilities | 9 | 💡 The dual-flag design ensures external path access is always an intentional, explicit choice |
| 🚨 Path does not end with .blue or .green: [path] | 9 | 💡 Blue-green deployment directories must end with '.blue' or '.green' (e.g., ~/public_html/mysite.blue) |
| 🚨 Null byte in path rejected: [path] | 9 | 💡 On Linux, paths containing null bytes are silently truncated by the kernel — this is a security hazard and SSI rejects them explicitly |
| 🚨 Deployment path contains a traversal component (..): [path] | 9 | 💡 Provide an absolute deployment path without any '..' components — a valid deployment path ends in a .blue or .green suffix with no parent-directory escapes |
| 🚨 Path must be absolute for security check: [path] | 9 | 💡 This is an internal error — the path should have been resolved to an absolute path before the security check |
| 🚨 Parent directory references not allowed in source paths: '[path]' | 9 | 💡 Remove ../ components from the path — all source paths must stay within the site directory |
| 🚨 Step [step] ([emoji]): Missing required CLI flag for parent directory path in '[field]' field: [path]<br>💡 Step [step] has options = ["allow-external-paths"] but CLI flag is missing<br>Add to command: --allow-external-paths<br>⚠️ Dual-flag security: BOTH the config option AND CLI flag are required | 9 | 💡 The config option is already set — add --allow-external-paths to your command to complete the dual-flag requirement |
| 🚨 Step [step] ([emoji]): Missing required config option for parent directory path in '[field]' field: [path]<br>💡 CLI flag --allow-external-paths provided but step [step] lacks the option<br>Add to step [step]: options = ["allow-external-paths"]<br>⚠️ Dual-flag security: BOTH the config option AND CLI flag are required | 9 | 💡 The CLI flag is set — add options = ["allow-external-paths"] to the step in ssi-config.toml |
| 🚨 Step [step] ([emoji]): Parent directory path not allowed in '[field]' field: [path]<br>💡 External paths require BOTH config option AND CLI flag<br>Add to step [step]: options = ["allow-external-paths"]<br>Add to command: --allow-external-paths<br>⚠️ Security: This allows the step to access files outside your site directory | 9 | 💡 The dual-flag design ensures external path access is always an intentional, explicit choice |
| 🚨 Preserve-from directory is a symlink: [path]<br>SECURITY: SSI will not preserve from symlinked directories<br>💡 Use a real directory path with --preserve-from, not a symlink<br>This prevents attackers from tricking SSI into reading from unintended locations | 9 | 💡 Resolve the symlink and use the real directory path for --preserve-from |
| 🚨 Cannot write to protected system directory: [path]<br>💡 Please choose a web-accessible directory, such as ~/public_html | 9 | 💡 SSI blocks writes to system directories (/etc, /usr, /bin, etc.) to prevent accidental damage |
| 🚨 Cannot read from protected system directory: [path]<br>💡 System directories like /etc, /dev, /proc, and /sys are always off-limits, even with --allow-external-paths | 9 | 💡 This restriction cannot be overridden — copy the needed files to your source directory instead |
| 🚨 Path rejected during source access: [path] (filesystem security check failed) | 9 | 💡 This often means a symlink, traversal, or similar rule blocked reading this path — check the path and whether --allow-external-paths or step options are required |
| 🚨 Bidirectional control character (U+[error code]) in [source_path], line [line] | 9 | 💡 Bidi controls can reverse the visual order of text — used in Trojan Source attacks to make malicious code look benign. Remove the character. |
| 🚨 Byte Order Mark at offset [offset] in [source_path], line [line] | 9 | 💡 A BOM (U+FEFF) is only valid at the start of a file — remove the misplaced BOM |
| 🚨 C0 control character (U+[error code]) in [source_path], line [line] | 9 | 💡 C0 control characters (non-printable ASCII, U+0000–U+001F and U+007F) cause rendering hazards and can confuse parsers. Remove the character or replace with the appropriate whitespace. |
| 🚨 C1 control character (U+[error code]) in [source_path], line [line] | 9 | 💡 C1 control characters (U+0080–U+009F) are 8-bit non-printable characters with no legitimate use in UTF-8 HTML source — they cause rendering hazards in some parsers. Remove the character. |
| 🚨 Excessive combining characters in [source_path], line [line] (found: [quantity_found], limit: [max] per base) | 9 | 💡 Excessive combining characters may indicate a combining character attack — reduce combining marks per base character |
| 🚨 Format control character (U+[error code]) in [source_path], line [line] | 9 | 💡 Format control characters include invisible steganographic lookalikes (tag block U+E0001, U+E0020–U+E007F) and invisible line/paragraph separators (U+2028, U+2029). TAG block characters look like ASCII but are invisible — only valid inside subdivision flag sequences (England, Scotland, and Wales emoji). Remove the character. |
| 🚨 Standalone zero-width joiner (U+[error code]) in [source_path], line [line] | 9 | 💡 Zero Width Joiner (U+200D) outside an emoji sequence is invisible and has no legitimate use in HTML source. Remove the character. |
| 🚨 Tag variation selector (U+[error code]) in [source_path], line [line] | 9 | 💡 Tag variation selectors (U+E0100–U+E01EF) encode hidden bytes invisibly inside emoji sequences — steganographic injection. Remove the character. |
| 🚨 Zero-width character (U+[error code]) in [source_path], line [line] | 9 | 💡 Zero-width characters are invisible and can hide content or confuse parsers. Remove the character. |
| 🚨 Symlink chain too deep at [path] — exceeded maximum hop limit or OS-detected circular chain<br>SECURITY: A chain this deep indicates a likely symlink loop attack<br>💡 SSI limits symlink chain depth to match git and the Linux kernel | 9 | 💡 The depth limit rejects symlink chains of 41 or more links |
| 🚨 Symlink [link] points outside site directory to [target]<br>💡 You must ALSO provide --allow-external-paths CLI flag for source '[source]'<br>Note: Server configuration may prevent symlink '[link]' from working - verify it resolves correctly | 9 | 💡 Prefer copying the target into your source tree; if you must point outside, add options = ["allow-external-paths"] to the step and pass --allow-external-paths. |
| 🚨 Path could not be resolved on disk: '[path]' | 9 | 💡 The path contains .. components but an intermediate directory does not exist — ensure all path components exist, or use a fully resolved path without .. |
| 🚨 Write path escaped the deploy-directory boundary: [path]<br>SECURITY: write target is outside the configured deploy root [paths_deploy_dir]<br>💡 This indicates a programming error in SSI — all write paths should be constructed via deploy_dir.join() | 9 | 💡 If you see this error, please report it as a bug — it should never occur in normal operation |