Commit

Fix code scanning alert no. 1: Uncontrolled data used in path expression
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 68fcb33 commit 10de4b0
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion src/utils/load.py
Expand Up @@ -38,7 +38,10 @@ def _load_template(stem: Template) -> DotTemplate:
try:
return DotTemplate.read(glob()[stem])
except KeyError:
if (root / stem).is_dir():
fullpath = (root / stem).resolve()

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
if not str(fullpath).startswith(str(root.resolve())):
raise Exception("Access to the path is not allowed")
if fullpath.is_dir():

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.
return getattr(components, stem)
raise
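
Review bot: The containment test on the added line `if not str(fullpath).startswith(str(root.resolve())):` is a string prefix comparison, so a resolved path in a sibling directory whose name merely begins with the root's name still passes (constructed illustration: root `/srv/tpl`, resolved target `/srv/tpl-other`). Compare path components instead, for example `fullpath.is_relative_to(root.resolve())` on Python 3.9+, or `root.resolve() in (fullpath, *fullpath.parents)` on older versions. Separately, `raise Exception("Access to the path is not allowed")` sits inside the `except KeyError:` handler and gives callers nothing specific to catch; a narrower type such as `PermissionError` or `ValueError` would let them tell a rejected path apart from other failures. The trailing `getattr(components, stem)` still uses the same user-provided `stem`, so a short comment stating which attribute names are expected there would help the next reader.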
