Closed rpl-ffl closed 3 months ago
Thanks @evgensheff Worth noting: "I think filepath.Abs is a gamechanger. It doesn't matter what safe or baseDir we have, codeQL just w ant to be sure it does not have .. or ../.. to navigate inside our fileserver."
Uncontrolled data used in path expression
https://codeql.github.com/codeql-query-help/go/go-path-injection/
Fixes https://github.com/Fantom-foundation/Aida/issues/1110