Prevent path traversal in attachment downloads#47
Merged
Conversation
Sanitize filename using filepath.Base() to prevent malicious server responses from writing files to arbitrary locations on the filesystem. While Fizzy's API is trusted, this follows defense-in-depth principles by ensuring the CLI never writes outside the current directory regardless of what filename the server returns. Adds comprehensive unit tests covering various path traversal attempts.
robzolkos
force-pushed
the
fix-attachment-path-traversal
branch
from
16b67ec to
53c091b
Compare
robzolkos
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
filepath.Base()before writing to diskDetails
When downloading attachments, the CLI now strips any directory components from filenames. This ensures files are always written to the current directory, regardless of what the server returns.
While Fizzy's API is trusted, this follows defense-in-depth principles - the CLI should never write to arbitrary filesystem locations based on external input.
Test plan
../, absolute paths, nested traversal)