InovacaoMediaBrasil / Intranet

:ship: :busts_in_silhouette: General intranet of Inovação
https://inovacaomediabrasil.github.io/Intranet/
MIT License

Fix [BUG] Fix code scanning alert - I/O function calls should not be vulnerable to path injection attacks with gitauto model #60

Closed gitauto-ai[bot] closed 3 months ago

gitauto-ai[bot] commented 4 months ago

Original issue: #29

Why the bug occurs

The bug occurs due to the use of unsanitized user input in file path operations, which makes the application vulnerable to path injection attacks. This can allow an attacker to manipulate file paths and potentially access unauthorized files or directories.

How to reproduce

  1. Identify a part of the application where file paths are constructed using user input.
  2. Inject a malicious path (e.g., ../../../../etc/passwd) into the user input field.
  3. Observe if the application accesses or attempts to access the unauthorized file.

How to fix

  1. Validate and sanitize all user inputs that are used in file path operations.
  2. Use built-in functions or libraries to safely handle file paths.
  3. Implement a whitelist of allowed file paths or directories.
  4. Review and update the codebase to ensure all file path operations are secure.

Changes made:

Test these changes locally

git checkout -b gitauto/issue-#29-8c65a39c-197a-40f5-a25f-a103588eee38
git pull origin gitauto/issue-#29-8c65a39c-197a-40f5-a25f-a103588eee38
guibranco commented 3 months ago

@gstraccini review

guibranco commented 3 months ago

@gstraccini review

gstraccini[bot] commented 3 months ago

Reviewing this pull request.

Commits included: SHA: 791c7332022fc520cda1f1f990ee776b451ddf3b SHA: fbaf879cfac99a1e788aa678dff103fe9a3bee01 SHA: d790353df5fe9d63663a7eb3c873dbf316cc0803 ! :eyes:

sonarcloud[bot] commented 3 months ago

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarCloud

github-actions[bot] commented 3 months ago

Infisical secrets check: :rotating_light: Secrets leaked!

Scan results:

1:37AM INF scanning for exposed secrets...
1:37AM INF 75 commits scanned.
1:37AM INF scan completed in 257ms
1:37AM WRN leaks found: 2
🔎 Detected secrets in your GIT history

| RuleID | Commit | File | SymlinkFile | Secret | Match | StartLine | EndLine | StartColumn | EndColumn | Author | Message | Date | Email | Fingerprint |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| generic-api-key | 5ccd1929c1869bad656231fb5c46138463f4864c | Src/Geral/Static/scripts.js | | REDACTED | "token = ""REDACTED""" | 18 | 18 | 17 | 84 | Guilherme Branco Stracini | Merge pull request #16 from InovacaoMediaBrasil/feature/fix-location\\n\\nFix locations\\n\\ncommit ee94f129c2e0504a1d1899ef561f6429d4b291f9\\nAuthor: Guilherme Branco Stracini \\nDate: Wed Apr 12 01:57:50 2023 +0400\\n\\nFix locations | 2023-04-11T21:58:12Z | guilherme@guilhermebranco.com.br | 5ccd1929c1869bad656231fb5c46138463f4864c:Src/Geral/Static/scripts.js:generic-api-key:18 |
| generic-api-key | ce79a822b3639fa6695c9dcc66cf98a0dd5f0787 | Geral/Static/scripts.js | | REDACTED | "token = ""REDACTED""" | 18 | 18 | 17 | 84 | Guilherme Branco Stracini | "+ Adicionado arquivos das 3 intranets (Geral, TI e Marketing)" | 2018-11-05T18:02:31Z | gui.branco@hotmail.com.br | ce79a822b3639fa6695c9dcc66cf98a0dd5f0787:Geral/Static/scripts.js:generic-api-key:18 |
gstraccini[bot] commented 3 months ago

Reviewing this pull request.

Commits included: SHA: 791c7332022fc520cda1f1f990ee776b451ddf3b SHA: fbaf879cfac99a1e788aa678dff103fe9a3bee01 SHA: d790353df5fe9d63663a7eb3c873dbf316cc0803 SHA: 04b62390348d54d0d57e3f397a0d2cfcd09fc73a SHA: f7a26670a1fbb15df27ee2ce69e25f885c470d33 ! :eyes: