Fix sonar vulnerability
zerasul opened this issue · 3 comments
zerasul commented
In the last sonar report, there is a new Sonar Vulnerability.
dukebody commented
@zerasul I understand that the issue is that the user can input any filename in the URL and the system will open and render it. We need to clean it so it only allows opening files from the base directory, not traversing filepaths.
dukebody commented
The solution is to use safe_join instead of path_join I believe: https://tedboy.github.io/flask/interface_api.useful_funcs.html#flask.safe_join
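As an added, self-contained illustration of the fix discussed in this thread (not code from this project): the vulnerable pattern is `os.path.join(base_dir, user_input)`, which silently discards `base_dir` when the input is absolute and does nothing about `..` segments. The standard-library `safe_join` below re-implements the rules that Flask/Werkzeug's `safe_join` applies (reject absolute paths and leading `..` after normalisation; this is an assumption about that library's rule set, so use the real `flask.safe_join` in the app itself). `contained`, `read_under` and `demo` are hypothetical helper names; `contained` adds a realpath containment check as a second line of defence against symlinks inside the base directory.

```python
"""Path-traversal guard for serving files from a fixed base directory.

Added example, standard library only. safe_join mirrors the rules of
flask/werkzeug safe_join (assumption); read_under and contained are
hypothetical helpers showing how a view would use it.
"""
import os
import posixpath
import tempfile
from typing import Dict, Optional

# Separators other than '/' that a request path may smuggle in (e.g. '\\' on Windows).
_ALT_SEPS = [sep for sep in (os.sep, os.path.altsep) if sep not in (None, "/")]


def unsafe_join(base_dir: str, filename: str) -> str:
    # The pattern from the issue: nothing stops '..' and an absolute
    # filename replaces base_dir entirely (os.path.join semantics).
    return os.path.join(base_dir, filename)


def safe_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted segments onto `directory`; return None if any segment
    is absolute, uses an alternate separator, or climbs above `directory`."""
    parts = [directory or "."]
    for filename in pathnames:
        if filename != "":
            # Collapse 'a/../b' and similar before inspecting the result.
            filename = posixpath.normpath(filename)
        if (
            any(sep in filename for sep in _ALT_SEPS)
            or os.path.isabs(filename)
            or filename.startswith("/")
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        parts.append(filename)
    return posixpath.join(*parts)


def contained(base_dir: str, path: str) -> bool:
    """Resolve symlinks and confirm `path` still lies inside `base_dir`."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. different drives on Windows
        return False


def read_under(base_dir: str, requested: str) -> Optional[bytes]:
    """What a file-serving view should do: join safely, re-check containment,
    then read. Any rejection or missing file is reported as None (404)."""
    joined = safe_join(base_dir, requested)
    if joined is None or not contained(base_dir, joined):
        return None
    try:
        with open(joined, "rb") as fh:
            return fh.read()
    except OSError:  # missing file, directory, or permission problem
        return None


def demo() -> Dict[str, Optional[bytes]]:
    """Exercise the guard in a throwaway directory holding one constructed
    file inside the base and one outside it. Returns {request: result}."""
    results: Dict[str, Optional[bytes]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "templates")
        os.makedirs(base)
        with open(os.path.join(base, "index.html"), "w", encoding="utf-8") as fh:
            fh.write("<h1>hello</h1>")  # constructed sample file inside base
        with open(os.path.join(tmp, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("outside base")  # constructed file that must stay unreadable
        for req in ("index.html", "sub/../index.html", "../secret.txt",
                    "/etc/hostname", "missing.html"):
            results[req] = read_under(base, req)
    return results


if __name__ == "__main__":
    for request, body in demo().items():
        print(f"{request!r:24} unsafe_join -> {unsafe_join('templates', request)!r:32} "
              f"read_under -> {body!r}")
```

Running it shows the contrast: `unsafe_join('templates', '/etc/hostname')` returns `/etc/hostname`, while `read_under` returns `None` for every request that is absolute or escapes the base, and only serves `index.html` (also via the normalised `sub/../index.html`).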