2lambda123 / cisagov-Malcolm

Fix code scanning alert - golang: path/filepath: path-filepath filepath.Clean path traversal #49

Open 2lambda123 opened 2 months ago

2lambda123 commented 2 months ago

Tracking issue for:

git-greetings[bot] commented 2 months ago

Thanks @2lambda123 for opening this issue!

For COLLABORATOR only :

secure-code-warrior-for-github[bot] commented 2 months ago

Micro-Learning Topic: Path traversal (Detected by phrase)

Matched on "path traversal"

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.
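
The failure mode described in the comment above, as an added Go example (not code from Malcolm, the code scanner, or the bot): `filepath.Join` and `filepath.Clean` only normalise a path, so confining it to a base directory needs an explicit check. The base directory, sample inputs and function names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBase is returned when a requested path resolves outside the base directory.
var ErrEscapesBase = errors.New("path escapes base directory")

// naiveResolve (hypothetical helper) joins and cleans the path. filepath.Join calls
// filepath.Clean, which collapses ".." segments but does not stop them climbing above base.
func naiveResolve(base, userPath string) string {
	return filepath.Join(base, userPath)
}

// safeResolve (hypothetical helper) cleans the joined path, then verifies that the
// result is still lexically inside base before returning it.
func safeResolve(base, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", ErrEscapesBase // untrusted input must be a relative path
	}
	full := filepath.Join(base, userPath)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	// A relative path that is ".." or starts with "../" points above base.
	// A file name such as "..foo" is not a parent reference and is allowed.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return full, nil
}

func main() {
	base := "/srv/app/uploads" // constructed sample base directory
	for _, p := range []string{"report.pdf", "a/../b.txt", "../../etc/passwd", "/etc/passwd"} {
		got, err := safeResolve(base, p)
		fmt.Printf("%-20q naive=%q safe=%q err=%v\n", p, naiveResolve(base, p), got, err)
	}
}
```

The check is lexical only: it does not resolve symlinks, so a symlink inside the base directory can still point elsewhere.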

git-greetings[bot] commented 2 months ago

Issues Details of @2lambda123 in cisagov-Malcolm :

OPEN  CLOSED  TOTAL
30    0       30

codeautopilot[bot] commented 2 months ago

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link