fugerit-org / fj-doc

Fugerit Document Generation Framework (fj-doc)
https://www.fugerit.org/perm/venus/
Apache License 2.0

Fix code scanning alert no. 103: Partial path traversal vulnerability from remote #216

Closed fugerit79 closed 1 week ago

fugerit79 commented 1 week ago

Fixes https://github.com/fugerit-org/fj-doc/security/code-scanning/103

To fix the partial path traversal vulnerability, we need to ensure that the base directory path (tempDir) is slash-terminated before checking if the user-supplied path (file) starts with it. This can be achieved by modifying the checkIfInTempFolder method to use toPath().normalize() for both the base directory and the user-supplied path, which provides a more robust way to check if one path is a subdirectory of another.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
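The PR's diff is not on this page, so the following is an added illustration of the check the description above talks about, not the project's own code. It puts the pattern CodeQL reports as "partial path traversal" (a `String.startsWith` on canonical paths against a base directory that is not slash-terminated) beside the `Path`-based form the description proposes. The method name `checkIfInTempFolder` and the `tempDir`/`file` parameter names are taken from the description; their types (`java.io.File`), the `static boolean` signature and the sample paths are assumptions made for the example.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;

public class TempFolderCheck {

    // The pattern the scanner flags: a plain string-prefix test. Because tempDir's
    // canonical path is not slash-terminated, a sibling directory whose name merely
    // starts with the same characters ("/tmp/fjdoc-evil") also passes the check.
    static boolean checkIfInTempFolderVulnerable(File tempDir, File file) throws IOException {
        return file.getCanonicalPath().startsWith(tempDir.getCanonicalPath());
    }

    // Hardened form, following the fix described above. normalize() collapses "."
    // and ".." segments, and Path.startsWith compares whole path elements rather
    // than characters, so "/tmp/fjdoc-evil/x" no longer counts as being inside
    // "/tmp/fjdoc". toAbsolutePath() keeps relative inputs from comparing against
    // an absolute base. Caveat (assumption, not from the PR): normalize() does not
    // resolve symlinks; if tempDir may contain them, use toRealPath() on paths
    // that already exist.
    static boolean checkIfInTempFolder(File tempDir, File file) {
        Path base = tempDir.toPath().toAbsolutePath().normalize();
        Path target = file.toPath().toAbsolutePath().normalize();
        return target.startsWith(base);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs; none of these paths needs to exist on disk.
        File tempDir = new File("/tmp/fjdoc");
        File[] candidates = {
            new File("/tmp/fjdoc/report.pdf"),       // legitimate file inside the folder
            new File("/tmp/fjdoc/../fjdoc-evil/x"),  // escape through ".."
            new File("/tmp/fjdoc-evil/x"),           // sibling directory sharing a name prefix
            new File("/tmp/fjdoc"),                  // the base directory itself
        };
        for (File f : candidates) {
            System.out.printf("%-32s vulnerable=%-5s hardened=%s%n",
                    f.getPath(),
                    checkIfInTempFolderVulnerable(tempDir, f),
                    checkIfInTempFolder(tempDir, f));
        }
    }
}
```

Running `main` shows the difference: the string-prefix variant accepts both the `..` escape and the `fjdoc-evil` sibling, while the `Path`-based variant rejects them and accepts only the path genuinely under `tempDir`. Note that `Path.startsWith` also returns true when `target` equals `base`, so a caller that must reject the directory itself needs an extra `!target.equals(base)` check.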

sonarcloud[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud