To fix the problem, we need to ensure that the constructed file paths are contained within a safe root directory. This can be achieved by normalizing the paths using path.resolve and then verifying that the normalized paths start with the root directory.
Normalize the constructed file paths using path.resolve.
Check that the normalized paths start with the root directory.
If the paths do not start with the root directory, handle the error appropriately (e.g., log an error, throw an exception, or return an error response).
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/DevOps-zhuang/copilot-metric-saver/security/code-scanning/4