pbcornell
commented
4 years ago This is a command-line tool that reads any specified file by design; closing.
Closed QiAnXinCodeSafe closed 4 years ago
pbcornell
commented
4 years ago This is a command-line tool that reads any specified file by design; closing.
https://github.com/amzn/ion-hash-java/blob/06f1f12f51c76f48fba20ce2502c7080042da404/src/com/amazon/ionhash/tools/Cli.java#L41-L43
Allowing user to supply file paths to access without sufficient validation and access control checks could lead to sensitive data disclosure and potential recovery of proprietary business logic.