Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

dont diractly use user input path #38

Open
Commandcracker opened this issue Oct 22, 2022 · 1 comment
Open

dont diractly use user input path #38

Commandcracker opened this issue Oct 22, 2022 · 1 comment
Labels
feature request New feature or request security Security related issue server Issues related to YouCube's server

Comments

@Commandcracker
Copy link
Owner

current solution youcube.py

there might be an better way to handle this user input
@Commandcracker Commandcracker added feature request New feature or request server Issues related to YouCube's server security Security related issue labels Oct 22, 2022
@Commandcracker
Copy link
Owner Author

(PTC-W6004) Audit required: External control of file name or path

Description

Python's open() function can take in a relative or absolute path and read its file contents. If a user is provided direct access to the path that is opened, it can have serious security risks.

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/Commandcracker/YouCube/issue/PTC-W6004/occurrences/

@Commandcracker Commandcracker mentioned this issue Jan 13, 2023
Open
37 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature request New feature or request security Security related issue server Issues related to YouCube's server
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Commandcracker