To fix the partial path traversal vulnerability, we need to ensure that the base directory path (tempDir) is slash-terminated before checking if the user-supplied path (file) starts with it. This can be achieved by modifying the checkIfInTempFolder method to use toPath().normalize() for both the base directory and the user-supplied path, which provides a more robust way to check if one path is a subdirectory of another.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/fugerit-org/fj-doc/security/code-scanning/103
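The two checks side by side, as an added example that is not the project's code and not the Copilot-generated patch itself: `checkIfInTempFolderVulnerable` is a hypothetical reconstruction of the string-prefix test the alert describes, and `checkIfInTempFolderFixed` is the `Path`-based version. Because `Path.startsWith` compares whole name elements rather than characters, a sibling directory such as `/tmp/fj-doc-evil` no longer matches `/tmp/fj-doc`, and normalizing first collapses `..` segments so `/tmp/fj-doc/../secret.txt` is rejected as well. The sample paths are constructed for the demonstration and assume a POSIX-style filesystem.

```java
import java.io.File;
import java.nio.file.Path;

public class TempFolderCheck {

    // Hypothetical "before": a plain string prefix test.
    // "/tmp/fj-doc-evil/x" starts with "/tmp/fj-doc", and so does
    // "/tmp/fj-doc/../secret.txt", so both slip through.
    static boolean checkIfInTempFolderVulnerable(File tempDir, File file) {
        return file.getAbsolutePath().startsWith(tempDir.getAbsolutePath());
    }

    // Hardened variant: compare normalized absolute Paths element by element.
    // toAbsolutePath() resolves relative inputs against the working directory,
    // normalize() removes "." and ".." segments, and Path.startsWith() only
    // matches on complete path components, so no trailing separator is needed.
    static boolean checkIfInTempFolderFixed(File tempDir, File file) {
        Path base = tempDir.toPath().toAbsolutePath().normalize();
        Path candidate = file.toPath().toAbsolutePath().normalize();
        return candidate.startsWith(base);
    }

    public static void main(String[] args) {
        File tempDir = new File("/tmp/fj-doc");
        // Constructed probes: one legitimate child, one sibling-prefix escape,
        // one dot-dot escape, and the base directory itself.
        File[] probes = {
            new File("/tmp/fj-doc/report.pdf"),
            new File("/tmp/fj-doc-evil/report.pdf"),
            new File("/tmp/fj-doc/../secret.txt"),
            new File("/tmp/fj-doc"),
        };
        for (File f : probes) {
            System.out.printf("%-32s vulnerable=%-5b fixed=%-5b%n", f,
                checkIfInTempFolderVulnerable(tempDir, f),
                checkIfInTempFolderFixed(tempDir, f));
        }
    }
}
```

Running the `main` above shows the vulnerable check accepting all four probes while the fixed check accepts only `/tmp/fj-doc/report.pdf` and `/tmp/fj-doc` itself. One caveat the description does not mention: `normalize()` is purely lexical and does not resolve symbolic links, so if an attacker can plant a symlink inside the temp folder, check the path with `toRealPath()` (which requires the file to exist) before comparing.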