davglass / lcov-parse

Simple LCOV file parser

Export .source() - Never checks fs #7

Closed bencevans closed 10 years ago

bencevans commented 10 years ago

I've got a case where anyone can specify the source through an API. However, I don't want them to be able to specify a "source" that's in fact the path of a potentially private file, such as a config file on the server.

By using lcovParser.source(stringHere) I can negate the vulnerability.

davglass commented 10 years ago

Thanks, published in lcov-parse@0.0.8

bencevans commented 10 years ago

Cheers!

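The distinction this pull request relies on, as an added example that is not part of the thread and not lcov-parse's own code: `parsePathOrContent` and the trimmed-down `parseSource` are hypothetical stand-ins for an entry point that checks the filesystem first and one that never does, and the LCOV data and temp file are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Minimal LCOV walker (SF, DA, end_of_record only). Never touches the filesystem.
function parseSource(text) {
  const records = [];
  let current = null;
  for (const raw of String(text).split('\n')) {
    const line = raw.trim();
    if (line.startsWith('SF:')) {
      current = { file: line.slice(3), found: 0, hit: 0 };
    } else if (line.startsWith('DA:') && current) {
      current.found += 1;
      if (Number(line.slice(3).split(',')[1]) > 0) current.hit += 1;
    } else if (line === 'end_of_record' && current) {
      records.push(current);
      current = null;
    }
  }
  if (records.length === 0) throw new Error('Failed to parse string');
  return records;
}

// Hypothetical path-or-content entry point: an existing path is read from disk.
function parsePathOrContent(input) {
  const text = fs.existsSync(input) ? fs.readFileSync(input, 'utf8') : input;
  return parseSource(text);
}

// Constructed demo: a temp file stands in for a file that lives on the server.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'lcov-demo-'));
  const serverFile = path.join(dir, 'server-side.info');
  fs.writeFileSync(serverFile, 'SF:internal/billing.js\nDA:1,1\nend_of_record\n');
  const upload = 'SF:lib/app.js\nDA:1,1\nDA:2,0\nend_of_record\n';
  const out = {
    contentViaEither: parsePathOrContent(upload)[0],
    pathViaPathOrContent: parsePathOrContent(serverFile)[0].file,
  };
  try {
    out.pathViaSource = parseSource(serverFile)[0].file;
  } catch (err) {
    out.pathViaSource = 'rejected: ' + err.message;
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return out;
}

console.log(demo());
```

For API-supplied input, only the string-only entry point keeps the caller's value from being interpreted as a server-side path.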