mgrybyk-org/allure-report-branch-js-action

Uncontrolled data used in path expression vulnerability fix

Closed this issue · 3 comments

Hi @mgrybyk, can you please help in updating this action with the below commit code from allure-report-branch-action in order to fix the "Uncontrolled data used in path expression" vulnerability?
mgrybyk-org/allure-report-branch-action@17a408b
mgrybyk-org/allure-report-branch-action#21

Hello @rphacker1618,

I'm glad to help. However, I didn't get what problem you want to solve.
Can you please provide more details?

Is it a security vulnerability or a functional defect?

Hi @mgrybyk,

This is a security vulnerability detected by the CodeQL tool from GitHub; here are the screenshots and code snippet suggested by CodeQL. Kindly help me in resolving this vulnerability.

Also, one request: can you please provide steps to set up the source code on our local machine?

Thanks,
Ravi

[Attached screenshots: CodeQL_Vulnerability, Missing_regular_expression_anchor_recommendation, UnControlled_data_used_in_path_expression_recommendation_1, UnControlled_data_used_in_path_expression_recommendation_2, UnControlled_data_used_in_path_expression_recommendation_3]

@rphacker1618 you may safely ignore these warnings. All of them are false positives.

Feel free to raise a PR to overcome this if you like.
I'm closing the issue but we can keep chatting.

> can you please provide steps to set up the source code onto our local machine

I don't know what you mean.