Fix code scanning alert - golang: path/filepath: path-filepath filepath.Clean path traversal

2lambda123 commented 2 weeks ago

Tracking issue for:

[ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/19

secure-code-warrior-for-github[bot] commented 2 weeks ago

Micro-Learning Topic: Path traversal (Detected by phrase)

Matched on "path traversal"

What is this? (2min video)

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Try a challenge in Secure Code Warrior

Helpful references

OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.

git-greetings[bot] commented 2 weeks ago

Thanks @2lambda123 for opening this issue!

For COLLABORATOR only :

To add labels, comment on the issue /label add label1,label2,label3
To remove labels, comment on the issue /label remove label1,label2,label3

gitginie[bot] commented 2 weeks ago

@2lambda123! Thank you for your contribution to this repository! We appreciate your effort in opening issue. Happy coding!

git-greetings[bot] commented 2 weeks ago

Issues Details of @2lambda123 in cisagov-Malcolm :	OPEN	CLOSED	TOTAL
30	0	30

codeautopilot[bot] commented 2 weeks ago

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link

2lambda123 / cisagov-Malcolm