
@seborama
Contributor

@seborama seborama commented Apr 28, 2025

I am using kin-openapi on a project and Snyk blocked me with an error:

Path Traversal
Unsanitized input from the request URL flows into os.ReadFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.

This PR proposes a remediation.

Thanks for this really useful library!

@fenollp
Collaborator

fenollp commented Apr 29, 2025

Does path.Clean resolve the Snyk warning?

@seborama
Contributor Author

seborama commented May 1, 2025

As far as I can tell, using this branch with a replace statement in the go.mod seems to have put Snyk at peace.
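On the path.Clean question raised above: cleaning collapses `..` segments but does not by itself keep a request-supplied path inside an intended directory, so a confinement check is what actually closes the traversal. The following is an added illustration, not code from kin-openapi or this PR; `SafeJoin`, `ReadSpecFile` and the base directory `/srv/specs` are hypothetical names chosen for the example.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path escapes the allowed directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SafeJoin cleans a user-supplied relative path and confines it to baseDir.
// filepath.Clean alone turns "sub/../x" into "x" but leaves "../../etc/passwd"
// intact, so the Rel-based check below is what prevents traversal.
// Caveat: symlinks inside baseDir that point outside it are not detected here.
func SafeJoin(baseDir, userPath string) (string, error) {
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// An absolute input would ignore baseDir entirely; reject it outright.
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideBase
	}
	joined := filepath.Join(absBase, filepath.Clean(userPath))
	// Join already cleans, so any ".." remaining in rel means the path escaped.
	rel, err := filepath.Rel(absBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

// ReadSpecFile reads a spec by its request-supplied name, only from within baseDir.
func ReadSpecFile(baseDir, userPath string) ([]byte, error) {
	p, err := SafeJoin(baseDir, userPath)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}
```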

@fenollp fenollp changed the title fix: resolve Snyk security warning with path traversal openapi3: resolve Snyk security warning with path traversal May 1, 2025
@fenollp fenollp merged commit bf26c56 into getkin:master May 1, 2025
5 checks passed