Mole/cmd/analyze/delete.go at 02c0e1e78a201781e787cd5e56cf1958e5baf1c8

mirror of https://github.com/tw93/Mole.git synced 2026-03-22 23:05:08 +00:00

Files

Tw93 9db5488397 security: validate raw path in moveToTrash before filepath.Abs resolves traversal

filepath.Abs resolves ".." components, so the existing validatePath call
on the resolved path could never catch traversal attempts. Move validation
before Abs to reject raw input with "..", keeping the post-Abs check as
defense-in-depth.

2026-03-14 10:39:33 +08:00

4.3 KiB

Raw Blame History

View Raw

4.3 KiB Raw Blame History

4.3 KiB

Raw Blame History