Security-wise, if I receive parts of the path from the user, do I need to sanitize them?

Oversimplified example (in Python):

```python
from azure.storage.blob import BlobServiceClient

client = BlobServiceClient.from_connection_string("<mypassword>")
container = client.get_container_client("mycontainer")
# Blob name is built directly from untrusted user input
container.upload_blob(f"path/{input()}", b"data")
```

Can input() contain ../ and thus cause a path traversal attack?

Ivan Glasenberg
Bharel

1 Answer

No, Azure Storage does not allow path traversal.

When it detects the path has ../, it will throw an authentication error.

In short, if the path looks like path/path2/../aa.txt, then on the client side this path is used to generate a token; on the server side, the ../ is automatically removed from the path, and the new path (which does not contain ../) is used to generate a token. Thus the client-side token does not match the server-side token during authentication, and an error occurs.

Ivan Glasenberg
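Whatever the service does with ../, the application can also validate the user-supplied part itself before building the blob name, so a request is never issued outside the intended path/ prefix. The following is an added example, not code from the question, the answer or the Azure SDK; `build_blob_name`, `UnsafeBlobName`, the three-layer decoding limit and the 1024-character cap are assumptions made for illustration.

```python
import posixpath
import unicodedata
from urllib.parse import unquote

PREFIX = "path/"      # fixed prefix taken from the question's example
MAX_NAME_LEN = 1024   # assumption: cap on the full blob name length


class UnsafeBlobName(ValueError):
    """User input that could leave the intended prefix."""


def _forms(value: str) -> list[str]:
    """NFKC-normalized value plus each percent-decoded layer (max three)."""
    forms = [unicodedata.normalize("NFKC", value)]
    for _ in range(3):
        nxt = unicodedata.normalize("NFKC", unquote(forms[-1]))
        if nxt == forms[-1]:
            break
        forms.append(nxt)
    else:
        raise UnsafeBlobName("too many layers of percent-encoding")
    return forms


def build_blob_name(user_part: str, prefix: str = PREFIX) -> str:
    """Hypothetical helper: return prefix + user_part or raise UnsafeBlobName."""
    if len(prefix + user_part) > MAX_NAME_LEN:
        raise UnsafeBlobName("name too long")
    for form in _forms(user_part):
        if "\\" in form or any(ord(c) < 32 or ord(c) == 127 for c in form):
            raise UnsafeBlobName("backslash or control character")
        # Empty, '.' and '..' segments are what a normalizer would collapse.
        if any(seg in ("", ".", "..") for seg in form.split("/")):
            raise UnsafeBlobName("empty or dot segment")
    name = prefix + user_part
    # Final invariant: normalization must be a no-op and keep the prefix.
    if posixpath.normpath(name) != name or not name.startswith(prefix):
        raise UnsafeBlobName("name escapes prefix")
    return name
```

The returned name is what would be passed to `container.upload_blob(...)` in place of the f-string from the question.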