llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 03:00:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: Gosec/sec fixes (#2004)

Browse Source 
* Customization of the initialization file

* fix: G601 (CWE-118): Implicit memory aliasing in for loop

* fix: G304 (CWE-22): Potential file inclusion via variable

* fix: G110 (CWE-409): Potential DoS vulnerability via decompression bomb
This commit is contained in:
Alex OvsInc
2023-06-21 13:55:20 +03:00
committed by GitHub
parent d505a4bf2d
commit 6ebca6dbe7
11 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
controllers/user_upload.go
View File

@ -19,13 +19,14 @@ import (
"io"
"mime/multipart"
"os"
"path/filepath"
"github.com/casdoor/casdoor/object"
"github.com/casdoor/casdoor/util"
)
func saveFile(path string, file *multipart.File) (err error) {
f, err := os.Create(path)
f, err := os.Create(filepath.Clean(path))
if err != nil {
return err
}