Python script that randomizes various things in DK64. See the readme for current options that are available to be randomized as well as other features.
To fix the problem, we need to ensure that the constructed file path is contained within a safe root folder. We can achieve this by normalizing the path using os.path.normpath and then checking that the normalized path starts with the root folder. Additionally, we should use werkzeug.utils.secure_filename to sanitize the hash parameter to eliminate any special characters.
Import secure_filename from werkzeug.utils.
Use secure_filename to sanitize the hash parameter.
Normalize the constructed file path using os.path.normpath.
Check that the normalized path starts with the root folder.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/2dos/DK64-Randomizer/security/code-scanning/40
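The sanitize-then-contain check described in the PR body, as an added Python example that is not the repository's own code: the root folder, the function names and the `hash` values are assumed, and the fallback `secure_filename` is only used when Werkzeug is not installed.

```python
import os
import re
from typing import Optional

try:
    from werkzeug.utils import secure_filename
except ImportError:  # fallback so the example runs offline; mirrors Werkzeug's core rules
    def secure_filename(filename: str) -> str:
        for sep in (os.sep, os.path.altsep):
            if sep:
                filename = filename.replace(sep, " ")
        filename = "_".join(filename.split())
        return re.sub(r"[^A-Za-z0-9_.-]", "", filename).strip("._")

# Assumed root folder for generated files; the project's real path is not on the page.
SAFE_ROOT = os.path.abspath("/tmp/dk64_generated")


def is_within_root(path: str, root: str) -> bool:
    """True if the normalized ``path`` lies strictly inside ``root``.

    The prefix is compared with a trailing separator so that a sibling
    directory such as ``/tmp/dk64_generated_other`` does not pass a bare
    ``startswith(root)`` check.
    """
    root = os.path.normpath(os.path.abspath(root))
    candidate = os.path.normpath(os.path.abspath(path))
    return candidate.startswith(root + os.sep)


def safe_path_for_hash(file_hash: str, root: str = SAFE_ROOT) -> Optional[str]:
    """Build the file path for a ``hash`` request parameter, or return None
    when the value is empty after sanitizing or would escape ``root``."""
    # secure_filename drops separators and special characters, so a value
    # such as "../../etc/passwd" collapses to "etc_passwd".
    name = secure_filename(file_hash)
    if not name:
        return None
    candidate = os.path.normpath(os.path.join(root, name))
    if not is_within_root(candidate, root):
        return None
    return candidate


if __name__ == "__main__":
    for value in ("abc123", "../../etc/passwd", "..", ""):
        print(repr(value), "->", safe_path_for_hash(value))
```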