Path Traversal in FRI Server /download Endpoint

[GaneshPatil7517]

@pradeeban
File: fri/server/main.py

The download_file parameter is not sanitized:

download_file = request.args.get('fetch')
return send_from_directory(directory_name, download_file, as_attachment=True)

A request like /download/test?fetchDir=src&fetch=../../../etc/passwd can read any file on the server.

[GaneshPatil7517]

hey @pradeeban what you think can i start working on this....?

[pradeeban]

Sure, go ahead!