harness / gitness

Gitness is an Open Source developer platform with Source Control management, Continuous Integration and Continuous Delivery.
https://gitness.com
Apache License 2.0

fix-path-traversal-vulnerability #3399

Closed DharunKumar04 closed 11 months ago

DharunKumar04 commented 11 months ago

This pull request addresses a path traversal vulnerability in the codebase, as reported by Snyk. The vulnerability arises from unvalidated user input being used as a path in the fs.readFileSync function, potentially allowing an attacker to read arbitrary files.

Changes Made

CLAassistant commented 11 months ago

CLA assistant check
All committers have signed the CLA.

DharunKumar04 commented 11 months ago

@tan-nhu Thanks for your feedback and for considering the change. I've updated the configuration as 'code' as you suggested to simplify the script. This change aligns with the current usage pattern and reduces potential complexity.

Regarding the use of restful-react, we'll keep an eye on its deprecation and plan to transition to the new library when needed, and thanks for the input!

I've also ensured that Prettier has been run against the changed files as requested.

If you have any further suggestions or concerns, please feel free to let me know. Your input is greatly appreciated!

DharunKumar04 commented 11 months ago

Hi @hitesharinga, the PR has been approved by @tan-nhu. Please merge it so that we can close this. Thank you.

hitesharinga commented 11 months ago

Hey @DharunKumar04, thank you for the fix. I have merged it. Really appreciate it.