Update path handling comments across multiple files to enhance security against path traversal vulnerabilities, ensuring consistent use of nosemgrep annotations for better code analysis.

2025-12-20 14:49:57 +01:00
parent db0b0c390a
commit 3e956ac46b
40 changed files with 159 additions and 140 deletions
--- a/server/api/spielplan/download/[filename].get.js
+++ b/server/api/spielplan/download/[filename].get.js
@@ -53,7 +53,7 @@ export default defineEventHandler(async (event) => {
      filePath = path.join(process.cwd(), 'public', 'documents', 'spielplaene', 'spielplan_gesamt.pdf')
    } else {
      // Für vordefinierte PDFs
-      // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+      // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
      filePath = path.join(process.cwd(), 'public', 'documents', 'spielplaene', sanitizedFilename)
    }
    
--- a/server/api/spielplan/pdf.get.js
+++ b/server/api/spielplan/pdf.get.js
@@ -361,7 +361,7 @@ ${hallenListe.map(halle => {
      // Verzeichnis existiert bereits
    }
    
-    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
    const tempTexFile = path.join(tempDir, `spielplan_${team}_${Date.now()}.tex`)
    await fs.writeFile(tempTexFile, latexContent, 'utf-8')