
fix-path-traversal-vulnerability #3399

Merged

Conversation

DharunKumar04
Contributor

This pull request addresses a path traversal vulnerability in the codebase, as reported by Snyk. The vulnerability arises from unvalidated user input being used as a path in the fs.readFileSync function, potentially allowing an attacker to read arbitrary files.

Changes Made

  • Implemented input validation and sanitization to prevent path traversal attacks.
  • Enforced strict file path handling to avoid unintended access to sensitive files.
  • Enhanced security checks to safeguard against unauthorized access.

@CLAassistant

CLAassistant commented Oct 2, 2023

CLA assistant check
All committers have signed the CLA.

@DharunKumar04
Contributor Author

@tan-nhu Thanks for your feedback and for considering the change. I've updated the configuration as 'code' as you suggested to simplify the script. This change aligns with the current usage pattern and reduces potential complexity.

Regarding the use of restful-react, we'll keep an eye on its deprecation and plan to transition to the new library when needed. And thanks for the input!

I've also ensured that Prettier has been run against the changed files as requested.

If you have any further suggestions or concerns, please feel free to let me know. Your input is greatly appreciated!

@DharunKumar04
Contributor Author

Hi @hitesharinga, the PR has been approved by @tan-nhu. Please merge it so that we can close this. Thank you.

@hitesharinga hitesharinga merged commit 93b6f9c into harness:main Oct 6, 2023
2 checks passed
@hitesharinga
Collaborator

hitesharinga commented Oct 6, 2023

Hey @DharunKumar04, thank you for the fix. I have merged it.
Really appreciate it.
