Commit

heitorpolidoro committed Jan 16, 2024
1 parent 87d2a70 commit ac26510
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion app.py
Expand Up @@ -59,7 +59,7 @@ def index():
@app.route("/<path:filename>", methods=["GET"])
def file(filename):
"""Convert a md file into HTML and return it"""
if not filename.endswith(".md"):
if not filename.endswith(".md") or "/" in filename:
abort(404)
with open(filename) as f:

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarCloud
md = f.read()
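
Review bot: The new condition in `file()` rejects any name containing "/", but `open(filename)` still takes the request value directly as a path, which is why the SonarCloud path-injection finding remains on that line. The check is a deny-list for one separator character, so it depends on the platform's path rules (it does not consider "\\" on Windows) and it resolves against the process working directory rather than a fixed content directory. I would suggest resolving the name against an explicit base directory and aborting unless the result stays inside it, for example with `werkzeug.utils.safe_join(base_dir, filename)` and a 404 when it returns `None`, where `base_dir` is a constant the app defines. Since names with "/" are now always rejected, the `<path:filename>` converter on the route no longer serves a purpose and could be replaced by the default string converter, which already refuses slashes at the routing layer. A short comment or docstring line stating which directory is meant to be served would also help future readers.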

0 comments on commit ac26510