search

mariana-bteixeira / python-mini-projects

A collection of simple python mini projects to enhance your python skills
https://python-world.github.io/python-mini-projects/#/
MIT License
0 stars 0 forks source link

CX Path_Traversal @ projects/EasyVideoPlayer/EasyVideoPlayer.py [master] #4

Open mariana-bteixeira opened 7 months ago

mariana-bteixeira commented 7 months ago

Path_Traversal issue exists @ projects/EasyVideoPlayer/EasyVideoPlayer.py in branch master

Method input at line 11 of projects\EasyVideoPlayer\EasyVideoPlayer.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in find_the_video at line 17 of projects\EasyVideoPlayer\EasyVideoPlayer.py. This may cause a Path Traversal vulnerability.Similarity ID: -448837554

Severity: Medium

CWE:22

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 11

Code (Line #11):

video_directory_guess = input("Directory that may contain the video:    ")
mariana-bteixeira commented 7 months ago

Issue still exists.