mgrybyk-org / allure-report-branch-js-action

Allure Report with history per branch (JS)
https://mgrybyk-org.github.io/allure-report-branch-js-action/
MIT License

Uncontrolled data used in path expression vulnerability fix #18

Closed rphacker1618 closed 2 months ago

rphacker1618 commented 2 months ago

Hi @mgrybyk, can you please help in updating this action with the commit below from allure-report-branch-action, in order to fix the "Uncontrolled data used in path expression" vulnerability? https://github.com/mgrybyk-org/allure-report-branch-action/pull/21/commits/17a408be667ae2c6272846e0423b65c2b0a0afb5 https://github.com/mgrybyk-org/allure-report-branch-action/pull/21

mgrybyk commented 2 months ago

Hello @rphacker1618,

I'm glad to help. However, I didn't get what problem you want to solve. Can you please provide more details?

Is it a security vulnerability or a functional defect?

rphacker1618 commented 2 months ago

Hi @mgrybyk,

This is a security vulnerability detected by GitHub's CodeQL tool; here are the screenshots and the code snippets suggested by CodeQL. Kindly help me in resolving this vulnerability.

Also, one request: can you please provide steps to set up the source code on our local machine?

Thanks, Ravi

[Attached screenshots: CodeQL_Vulnerability, Missing_regular_expression_anchor_recommendation, UnControlled_data_used_in_path_expression_recommendation_1, UnControlled_data_used_in_path_expression_recommendation_2, UnControlled_data_used_in_path_expression_recommendation_3]

mgrybyk commented 2 months ago

@rphacker1618 you may safely ignore these warnings. All of them are false positive.

Feel free to raise a PR to overcome this if you like. I'm closing the issue but we can keep chatting.

can you please provide steps to set up the source code on our local machine

I don't know what you mean.