Skip to content

Commit dcefefb

Browse files
fix: V-001 security vulnerability
Automated security fix generated by OrbisAI Security
1 parent d0cec67 commit dcefefb

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

drivers/local/util.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,9 @@ func sanitizeFilePath(path string) (string, error) {
4949
if !filepath.IsAbs(cleaned) {
5050
return "", fmt.Errorf("file path must be absolute: %s", path)
5151
}
52+
if strings.ContainsAny(cleaned, ";&|`$<>!\n\r\x00") {
53+
return "", fmt.Errorf("file path contains invalid characters: %s", path)
54+
}
5255
info, err := os.Stat(cleaned)
5356
if err != nil {
5457
return "", fmt.Errorf("file path is not accessible: %w", err)

0 commit comments

Comments
 (0)