From d7a453e97025cb74289a5fc3cd2f4038bb0e144c Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Mon, 4 Aug 2025 09:29:30 +0000
Subject: [PATCH] fix(security): autofix Potential file inclusion attack via reading file
---
 bm/main.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/bm/main.go b/bm/main.go
index dbc011b..c12d455 100644
--- a/bm/main.go
+++ b/bm/main.go
@@ -92,6 +92,9 @@ func metricNow(now time.Time, result chan<- Latency, f func()) {
 }

 func (b *Benchmark) Configure(file string) {
+ if strings.Contains(file, "../") || strings.Contains(file, "..\\") {
+ log.Fatalln(fmt.Errorf("Invalid file path"))
+ }
 in, err := ioutil.ReadFile(file)
 if err != nil {
 log.Fatalln(err)
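Review bot: The substring test added at the top of `Configure` does not confine the read to any directory: an absolute path contains no `../` and passes unchanged, so if `file` can come from an untrusted source the `ioutil.ReadFile` call below it is still reached with a caller-chosen path. If `file` is only ever an operator-supplied config path (the caller is not visible in this hunk), the check adds no protection and newly rejects legitimate values such as `../conf/bench.yml`. Where confinement is actually intended, check the path lexically and resolve it under an explicit base directory, e.g. `if !filepath.IsLocal(file) { log.Fatalf("invalid config path %q", file) }` (Go 1.20+), instead of matching `"../"`. The patch touches only these three lines, so confirm that `strings` and `fmt` are already imported in bm/main.go; wrapping a constant in `fmt.Errorf` is also unnecessary, and Go error strings are conventionally lowercase. `Configure`'s body continues past the end of the hunk.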