In the last sonar report, there is a new Sonar Vulnerability.
@zerasul I understand that the issue is that the user can input any filename in the URL and the system will open and render it. We need to clean it so it only allows opening files from the base directory, not traversing filepaths.
The solution is to use safe_join instead of path_join I believe: https://tedboy.github.io/flask/interface_api.useful_funcs.html#flask.safe_join
Fix unsafe path opening vulnerability.
Thanks a lot for the help @dukebody I already merged the pull request.
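The containment check discussed in this thread, as an added example that is not part of the issue or the project's code: a standard-library version of the idea behind `safe_join` (not Flask's implementation), run over a constructed directory tree. The names `unsafe_join`, `contained_join` and `run_demo` are hypothetical, and POSIX-style paths are assumed.

```python
import os
import tempfile


def unsafe_join(base, user_path):
    # The "before" pattern: a plain join lets "../" segments and absolute
    # paths resolve to locations outside the base directory.
    return os.path.normpath(os.path.join(base, user_path))


def contained_join(base, user_path):
    """Return the resolved path under base, or None if it would escape base."""
    if "\0" in user_path:
        return None  # embedded NUL bytes are never a valid filename
    base_real = os.path.realpath(base)
    # realpath collapses ".." and follows symlinks, so a link inside base
    # that points elsewhere is rejected as well.
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def run_demo():
    # Constructed sample tree: <tmp>/pages/index.md may be rendered,
    # <tmp>/secret.txt must stay out of reach.
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "pages")
        os.mkdir(base)
        open(os.path.join(base, "index.md"), "w").close()
        secret = os.path.join(tmp, "secret.txt")
        open(secret, "w").close()
        requests = ["index.md", "../secret.txt", secret,
                    "sub/../../secret.txt", "index.md\0.png"]
        allowed = [contained_join(base, r) is not None for r in requests]
        # The plain join resolves the traversal request to the secret file.
        escaped = (os.path.realpath(unsafe_join(base, "../secret.txt"))
                   == os.path.realpath(secret))
        return allowed, escaped


if __name__ == "__main__":
    print(run_demo())
```
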