Insecure code in cloudinary-cli/modules/upload_dir.py

[simran-sankhala]

Bug report for Cloudinary CLI

there were a few areas where security could be a concern:

Input Sanitization and Validation:

The code doesn't appear to have extensive input validation or sanitization for user-provided arguments and options. This could potentially lead to issues like code injection or unexpected behavior if malicious input is provided.

# Example of user input that could be potentially risky without validation/sanitization
uploads.append((file_path, {**options, **folder_options}, items, skipped))

…

Issue Type (Can be multiple)

• [ ] Build - Cannot install or import the SDK
• [x] Performance - Performance issues
• [ ] Behaviour - Functions are not working as expected (such as generate URL)
• [ ] Documentation - Inconsistency between the docs and behaviour
• [ ] Other (Specify)

Operating System

• [ ] Linux
• [ ] Windows
• [ ] macOS
• [x] All

[HeetVekariya]

Hey @simran-sankhala I can work on this issue.

[HeetVekariya]

Thank you for assigning me, will get back to you asap, when i am ready with the solution Also will this PR be counted under the https://cloudinary.com/blog/hacktoberfest-celebrate-open-source-sdks ?

[colbyfayock]

@HeetVekariya before you begin this there is already a pull request opened by @simran-sankhala that needs to be reviewed. If that PR is invalid and the issue opens up you're welcome to submit a PR yourself

This issue has also not been reviewed by the team to determine if it's needed so we'll need to wait to hear back as well