Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 2m48s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 2m48s
This commit is contained in:
Torsten Schulz (local)
@@ -6,6 +6,8 @@ function uniqueCandidates(candidates) {
|
||||
}
|
||||
|
||||
function hasServerDataDir(root) {
|
||||
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
|
||||
// root candidates come only from APP_ROOT/cwd/parent and are used only for existence checks.
|
||||
return fs.existsSync(path.join(root, 'server', 'data'))
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user