| # Sort files so dependencies are uploaded before dependents: | ||
| # fonts first, then CSS, then index.html last (it triggers all other loads) | ||
| filenames = Dir.glob(gem_path + start_path + "**/*") |
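Review bot: on the `Dir.glob(gem_path + start_path + "**/*")` line, the pattern is built by plain string concatenation, so a missing separator between the parts silently changes what is matched, and the whole string, directory names included, is parsed as glob syntax. Consider `Dir.glob("**/*", base: File.join(gem_path, start_path))` (which returns paths relative to the base, so callers need adjusting). Note also that `**/*` returns directories as well as files, and they will be ranked by the sort unless filtered out. If `start_path` can come from outside this code, resolve it and confirm it stays under `gem_path` before globbing.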
Path traversal attack possible - high severity
A malicious actor could control the location of this file, which may allow them to retrieve, write or delete files outside of the intended folder.
Remediation: To address this, ensure that user-controlled variables in file paths are sanitized at least to not contain '..' or forward slashes.
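The remediation above in code form, as an added example rather than code from this PR: resolve the requested start directory, check that the resolved path stays under the base before globbing, then order files fonts first, CSS next, `index.html` last. `contained_upload_list`, `upload_rank`, the font extension list and the rank numbers other than 2 are assumptions, and the sample tree is constructed.

```ruby
require "tmpdir"
require "fileutils"

FONT_EXTS = %w[.woff .woff2 .ttf .otf .eot].freeze # assumed list

# Assumed ranks: fonts 0, CSS 1, everything else 2, index.html 3 (last).
def upload_rank(rel)
  return 3 if File.basename(rel) == "index.html"
  case File.extname(rel).downcase
  when *FONT_EXTS then 0
  when ".css"     then 1
  else 2
  end
end

# Hypothetical helper: regular files under base/start in upload order,
# returned as paths relative to the resolved start directory.
def contained_upload_list(base, start)
  root = File.realpath(base)
  target = begin
    File.realpath(File.join(root, start)) # resolves ".." and symlinks
  rescue SystemCallError
    raise ArgumentError, "cannot resolve #{start.inspect}"
  end
  # Containment is checked on the resolved path, not on the raw string.
  unless target == root || target.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "#{start.inspect} escapes the base directory"
  end
  # base: keeps glob metacharacters in the directory name out of the
  # pattern; lstat skips directories and symlinks.
  Dir.glob("**/*", base: target)
     .select { |rel| File.lstat(File.join(target, rel)).file? }
     .sort_by { |rel| [upload_rank(rel), rel] }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp| # constructed sample tree
    FileUtils.mkdir_p(File.join(tmp, "gem/site/fonts"))
    %w[index.html app.js style.css fonts/icons.woff2].each do |f|
      File.write(File.join(tmp, "gem/site", f), "")
    end
    p contained_upload_list(File.join(tmp, "gem"), "site")
    begin
      contained_upload_list(File.join(tmp, "gem"), "../..")
    rescue ArgumentError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

A start path such as `../gem/site` is accepted because it resolves back inside the base, which is why the check compares resolved paths instead of rejecting every string that contains `..`.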
| else | ||
| [2, filename] | ||
| end | ||
| end |
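Review bot: the `[2, filename]` fallback in the `else` branch uses a bare rank number, and with the other branches not visible here it is hard to confirm that everything else sorts after fonts and CSS but before index.html, as the comment above the glob describes. Consider naming the ranks or commenting each branch, and adding a spec that asserts the resulting upload order; the Codecov report on this page shows 6 additional missed lines against 9 added.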
This resolves the icons showing up as boxes issue. At least I wasn't able to reproduce after doing this.
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #2955 +/- ##
==========================================
- Coverage 78.48% 78.48% -0.01%
==========================================
Files 673 673
Lines 55324 55333 +9
Branches 728 728
==========================================
+ Hits 43423 43426 +3
- Misses 11823 11829 +6
Partials 78 78
clayandgen left a comment
I ran a docker system prune and launched this and everything loaded well!



closes #2158