Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #4232 - Fix CWE-22 Path/Directory Traversal issues #4233

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Issue #4232 - Fix CWE-22 Path/Directory Traversal issues #4233

wants to merge 1 commit into from

Conversation

omordyk
Copy link
Contributor

@omordyk omordyk commented Jan 31, 2025
edited
Loading

Description

CWE-22 (Path/Directory Traversal) is a type of vulnerability that occurs when an application allows users to manipulate file paths in a way that can access files or directories that are outside of the intended directory. This can lead to security issues such as unauthorized access to sensitive files, data leakage, or even arbitrary code execution in some cases.

Fixes # (issue)

Canonical Path Resolution: The filepath.Clean() method removes redundant or malicious path elements (e.g., .., .) that could be used for directory traversal.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Ran Mend SAST

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings
  • I have tagged the reviewers in a comment below incase my pull request is ready for a review
  • I have signed the commit message to agree to Developer Certificate of Origin (DCO) (to certify that you wrote or otherwise have the right to submit your contribution to the project.) by adding "--signoff" to my git commit command.

@omordyk omordyk self-assigned this Jan 31, 2025
@omordyk omordyk linked an issue Jan 31, 2025 that may be closed by this pull request
CWE-22 (Path/Directory Traversal) #4232
Open
@omordyk omordyk force-pushed the feat_4232 branch 3 times, most recently from 8b8b4c9 to 6bf53d1 Compare January 31, 2025 08:18
@omordyk omordyk requested review from kroczi and LiilyZhang January 31, 2025 08:20
@omordyk omordyk force-pushed the feat_4232 branch 2 times, most recently from accdd0e to f62a9df Compare January 31, 2025 08:36
@omordyk omordyk requested a review from K-Pomian January 31, 2025 08:38
@omordyk omordyk force-pushed the feat_4232 branch 3 times, most recently from 29c0d98 to 66e0d87 Compare February 3, 2025 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kroczi kroczi kroczi approved these changes

@LiilyZhang LiilyZhang Awaiting requested review from LiilyZhang

@K-Pomian K-Pomian Awaiting requested review from K-Pomian

At least 1 approving review is required to merge this pull request.

Assignees

@omordyk omordyk

Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CWE-22 (Path/Directory Traversal)
2 participants
@omordyk @kroczi