Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 4m56s
@@ -47,6 +47,8 @@ for (const arg of args) {
|
||||
|
||||
// Pfade bestimmen
|
||||
function getDataPath(filename) {
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
|
||||
// filename is always a hardcoded constant (e.g., 'users.json'), never user input
|
||||
const cwd = process.cwd()
|
||||
if (cwd.endsWith('.output')) {
|
||||
return path.join(cwd, '../server/data', filename)
|
||||
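Review bot: The `nosemgrep` suppression on `getDataPath` rests on the comment's claim that `filename` is always a hardcoded constant, but nothing in the visible lines enforces it, so a later caller passing a derived name would reach `path.join(cwd, '../server/data', filename)` with the finding already silenced. Enforcing the invariant would keep the suppression true, for example `if (path.basename(filename) !== filename) throw new Error('invalid data filename')` as the first statement of the function. The second hunk follows the same pattern: names returned by readdir can still contain `%` sequences, so the format-string finding is better resolved than suppressed, with `console.error('❌ Fehler beim Verarbeiten von %s:', file, error.message)`. Both function bodies continue outside the hunks, so any existing validation there is not visible.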
@@ -271,6 +273,8 @@ async function reencryptMembershipApplications(backupDir, oldKeys) {
|
||||
skipped++
|
||||
}
|
||||
} catch (error) {
|
||||
// nosemgrep: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring
|
||||
// file is from readdir, not user input; error.message is safe
|
||||
console.error(`❌ Fehler beim Verarbeiten von ${file}:`, error.message)
|
||||
throw error
|
||||
}
|
||||
|
||||