simonsmith/cypress-image-snapshot

[SECURITY] Snapshot names not sanitized

thib3113 opened this issue · 3 comments

It seems that snapshot names are not sanitized.

I test something like:

```js
it('test / test name', () => {
  cy.matchImageSnapshot()
})
```

and so it creates a folder `test `, and a file ` test name`.

Can you please sanitize file names? It seems (here) that cypress uses the library sanitize-filename. (Or better, use a hash as filename, so less name collision risk. And you are sure there are no strange chars.)

Also, I'm pretty sure it can destroy a system... what happens if I name my test with path traversal? Something like: `../../../etc/password`.

I tested it. And we can write any files on a developer computer.

(Not exactly with the same name I said before... but I'll not tell it here... in private if you want.)

Please fix this, and create a repository-security-advisory to tell people to update to a safe version
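The two mitigations suggested in the issue above (sanitizing the name, or using a hash as the file name), shown next to the unsafe pattern as an added example using only Node built-ins. This is not the project's code or the fix shipped in 8.0.2; the function names, the snapshots directory and the `.png` suffix are assumptions.

```javascript
// Added example, not code from cypress-image-snapshot. Names are hypothetical.
const path = require('node:path');
const crypto = require('node:crypto');

// Path separators, characters reserved on Windows, and control characters.
const UNSAFE = /[\/\\?%*:|"<>\x00-\x1f]/g;

// The pattern the issue describes: the test title is joined into the path
// as-is, so "/" creates folders and "../" climbs out of the snapshots directory.
function naiveSnapshotPath(snapshotsDir, title) {
  return path.join(snapshotsDir, `${title}.png`);
}

// Mitigation 1: reduce the title to a single, harmless path segment.
function sanitizeSegment(title) {
  const cleaned = String(title).replace(UNSAFE, '-').replace(/^\.+/, '').trim();
  return cleaned.slice(0, 200) || 'snapshot';
}

// Mitigation 2: a hash of the title, so no title character reaches the disk.
function hashedName(title) {
  return crypto.createHash('sha256').update(String(title)).digest('hex').slice(0, 16);
}

// True when `target` is located inside `root`.
function isInside(root, target) {
  const rel = path.relative(path.resolve(root), path.resolve(target));
  return rel !== '' && rel !== '..' && !rel.startsWith(`..${path.sep}`) && !path.isAbsolute(rel);
}

function safeSnapshotPath(snapshotsDir, title, { useHash = false } = {}) {
  const name = useHash ? hashedName(title) : sanitizeSegment(title);
  const target = path.resolve(snapshotsDir, `${name}.png`);
  // Defence in depth: check containment even after sanitizing.
  if (!isInside(snapshotsDir, target)) {
    throw new Error(`snapshot path escapes ${snapshotsDir}`);
  }
  return target;
}

// Constructed sample input: the two titles from the issue.
const dir = '/project/cypress/snapshots';
for (const title of ['test / test name', '../../../etc/password']) {
  console.log(JSON.stringify(title));
  console.log('  naive :', naiveSnapshotPath(dir, title), isInside(dir, naiveSnapshotPath(dir, title)));
  console.log('  safe  :', safeSnapshotPath(dir, title));
  console.log('  hashed:', safeSnapshotPath(dir, title, { useHash: true }));
}
```

The containment check is kept even though the sanitizer already removes separators, so a later change to the sanitizer cannot silently reopen the traversal.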

🎉 This issue has been resolved in version 8.0.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Thanks for highlighting this one @thib3113, should be fixed now 👌🏻

Great! Thank you!