demo_path_traversal.py

import os
from source.data_loader import DataLoader

print('---[1] normal path load---')
loader = DataLoader('patient_data/stroke_clean.csv')
df = loader.load_and_clean()
print('OK shape =', df.shape)
print('OK sample patient_id =', df['patient_id'].head(3).tolist())

print('\n---[2] traversal attempt---')
bad = 'patient_data/../secrets/national_id.csv'
print('user_input =', bad)
print('abspath    =', os.path.abspath(bad))

try:
    loader2 = DataLoader(bad)
    df2 = loader2.load_and_clean()
    print('UNEXPECTED: loaded shape =', df2.shape)
    # If it loads, still avoid wide output.
    cols = [c for c in ('patient_id', 'national_id') if c in df2.columns]
    print('UNEXPECTED: leaked columns =', cols)
except Exception as e:
    print('Result: traversal path was attempted, then failed later due to schema mismatch')
    print('error =', type(e).__name__ + ':', e)

print('\n[Note] This shows why allowlisting paths must happen BEFORE parsing the file.')