To fix the problem, we need to ensure that the constructed file path is contained within a safe root folder. This can be achieved by normalizing the path using os.path.normpath and then checking that the normalized path starts with BASE_DIR. This approach will prevent path traversal attacks by ensuring that the user cannot escape the intended directory.
Normalize the folder_path using os.path.normpath.
Check that the normalized folder_path starts with BASE_DIR.
If the check fails, raise an exception or show an error message.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/GSA/FedRAMP-OllaLab-Lean/security/code-scanning/7
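The containment check described in the three steps above, as an added example that is not part of the Copilot Autofix suggestion or of the FedRAMP-OllaLab-Lean code base. The value of BASE_DIR ("/srv/app/uploads") and the function names are assumptions made for illustration. The example keeps the suggested normpath-plus-startswith check as written and puts a hardened variant next to it, because a bare string-prefix comparison accepts sibling directories that merely share the prefix (for example "/srv/app/uploads_evil" when BASE_DIR is "/srv/app/uploads"); comparing path components with os.path.commonpath closes that gap.

```python
import os

# Hypothetical root folder; the suggestion names BASE_DIR but does not give its value.
BASE_DIR = os.path.realpath("/srv/app/uploads")


def naive_is_within_base(folder_path: str, base_dir: str = BASE_DIR) -> bool:
    """The check exactly as worded in the suggestion: normalize, then prefix-compare.

    Weakness: startswith() works on characters, not path components, so a
    sibling directory whose name extends base_dir passes the check.
    """
    normalized = os.path.normpath(os.path.join(base_dir, folder_path))
    return normalized.startswith(base_dir)


def is_within_base(folder_path: str, base_dir: str = BASE_DIR) -> bool:
    """Hardened containment check.

    - os.path.realpath() makes a relative folder_path relative to base_dir,
      collapses '..' segments (it normalizes, like normpath) and also resolves
      symlinks, so a link inside base_dir cannot point the path outside it.
    - os.path.commonpath() compares whole components, so '/srv/app/uploads_evil'
      is not mistaken for a child of '/srv/app/uploads'.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, folder_path))
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Raised on Windows when the two paths are on different drives: not contained.
        return False


def resolve_user_folder(folder_path: str, base_dir: str = BASE_DIR) -> str:
    """Step 3 of the suggestion: reject the request if the check fails, else return the safe path."""
    if not is_within_base(folder_path, base_dir):
        raise ValueError(f"folder_path escapes {base_dir!r}: {folder_path!r}")
    return os.path.realpath(os.path.join(base_dir, folder_path))


if __name__ == "__main__":
    # Constructed inputs: a benign subfolder, a classic traversal, an absolute path
    # (os.path.join discards base_dir when the second argument is absolute), and the
    # prefix-collision case that only the hardened check catches.
    for user_input in ["reports/2024", "../../etc/passwd", "/etc/passwd", "../uploads_evil/x"]:
        print(f"{user_input!r:24} naive={naive_is_within_base(user_input)!s:5} "
              f"hardened={is_within_base(user_input)}")
```

If a dependency on commonpath is unwanted, the minimal correction to the suggested check is to compare against base_dir with a trailing separator (normalized == base_dir or normalized.startswith(base_dir + os.sep)); the symlink caveat still applies unless realpath is used.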