Description
If any Python scripts dynamically read or write files based on user input, it's possible for an attacker to use ../ (dot-dot-slash) sequences to escape the intended directory and access sensitive system files (Path Traversal).
Proposed Solution
I propose auditing the file I/O operations across the projects and implementing os.path.abspath validation to ensure all dynamically constructed paths remain strictly within their intended directory boundaries.
I would love to work on this critical security issue under the GSSoC '24 program! Could you please assign it to me?
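One way to implement the containment check proposed above, as an added example that is not code from this project. The names `resolve_within` and `check_samples` and the sample inputs are hypothetical; it uses `os.path.realpath` (which is `os.path.abspath` plus symlink resolution) and `os.path.commonpath` in place of a bare `abspath` prefix comparison.

```python
import os
import tempfile


def resolve_within(base_dir, user_path):
    """Return the resolved path for user_path under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when user_path is absolute, and realpath
    # collapses ../ and follows symlinks, so the check runs on the final target.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components. A startswith() prefix test
    # would wrongly accept a sibling such as <base>-old.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def check_samples():
    """Run constructed sample inputs; return {input: True if accepted}."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")
        os.makedirs(base)
        os.makedirs(os.path.join(tmp, "uploads-old"))  # sibling sharing the prefix
        os.symlink(tmp, os.path.join(base, "link"))    # symlink pointing outside base
        samples = [
            "report.txt",            # plain file name
            "sub/../report.txt",     # ../ that stays inside base
            "../../etc/passwd",      # classic dot-dot-slash escape
            "/etc/passwd",           # absolute path replaces base in join()
            "../uploads-old/x",      # sibling directory with the same prefix
            "link/uploads-old/x",    # escape through a symlink
        ]
        results = {}
        for sample in samples:
            try:
                resolve_within(base, sample)
                results[sample] = True
            except ValueError:
                results[sample] = False
        return results


if __name__ == "__main__":
    for sample, accepted in check_samples().items():
        print(f"{'ALLOW' if accepted else 'BLOCK'}  {sample}")
```

The check validates the path at resolution time only; a file or symlink swapped in between the check and the later `open()` is not covered by it.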