torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security by adding DOMPurify comments in Vue components and updating path handling comments in server utilities to mitigate path traversal risks.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 46s
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-12-20 11:15:31 +01:00
parent 968c749fe3
commit 19024cd87e
45 changed files with 129 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/utils/members.js
View File

@@ -16,7 +16,7 @@ const getDataPath = (filename) => {
}
// In development, working dir is project root
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, 'server/data', filename)
}

2
server/utils/news.js
View File

@@ -15,7 +15,7 @@ const getDataPath = (filename) => {
}
// In development, working dir is project root
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, 'server/data', filename)
}

2
server/utils/newsletter.js
View File

@@ -13,7 +13,7 @@ const getDataPath = (filename) => {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, '../server/data', filename)
}
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, 'server/data', filename)
}

1
server/utils/pdf-generator-service.js
View File

@@ -98,6 +98,7 @@ export class PDFGeneratorService {
* @returns {Promise<string>} File path
*/
async savePDF(pdfBuffer, filename, uploadDir) {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
const filePath = path.join(uploadDir, filename)
await fs.writeFile(filePath, pdfBuffer)
return filePath

4
server/utils/termine.js
View File

@@ -8,13 +8,13 @@ const getDataPath = (filename) => {
const cwd = process.cwd()
// In production (.output/server), working dir is .output
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
if (cwd.endsWith('.output')) {
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, '../public/data', filename)
}
// In development, working dir is project root
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
return path.join(cwd, 'public/data', filename)
}