To fix the problem, we need to ensure that the constructed file path is contained within a safe root directory. This can be achieved by normalizing the path using path.resolve and then checking that the normalized path starts with the root directory. This approach prevents directory traversal attacks by ensuring that any .. segments are resolved within the root directory.
1. Normalize the constructed file path using path.resolve.
2. Check that the normalized path starts with the root directory.
3. If the check fails, handle the error appropriately (e.g., log the error and throw an exception).
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/DevOps-zhuang/copilot-metric-saver/security/code-scanning/3