Enhance security by adding DOMPurify sanitization comments in newsletter and Vereins components, and update path handling comments in server utilities to address potential path traversal vulnerabilities.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 3m28s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 3m28s
This commit is contained in:
Torsten Schulz (local)
@@ -10,8 +10,10 @@ import crypto from 'crypto'
|
||||
const getDataPath = (filename) => {
|
||||
const cwd = process.cwd()
|
||||
if (cwd.endsWith('.output')) {
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, '../server/data', filename)
|
||||
}
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
|
||||
return path.join(cwd, 'server/data', filename)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user