Closed soenkehahn closed 2 years ago
I would argue that we don't need a test for this, since we shouldn't test rust-embed
's behavior. Given that this is a bit scary, I could be convinced otherwise though. @casey
I agree. Also, I think if we do #271, i.e. normalize and reject ..
in the request handler, and write a test for that, we don't need to write a specific test for this vulnerability.
Also LGTM
This fixes #270.