sync / Gateway development -> staging #373
base: staging
fix / update dev version to 2.2.0
(fix) fix poll route for base approvals
(fix) change how PancakeSwap fetches V2 pools
Feat: Add sepolia values to uniswap tests
const path = `${walletPath}/solana`; | ||
|
||
const encryptedPrivateKey: string = await fse.readFile( | ||
`${path}/${address}.json`, |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression (severity: High)
user-provided value
Copilot Autofix AI 6 days ago
To fix the problem, we need to validate the `address` parameter before using it to construct a file path. We can use the `path` module to ensure the constructed path is within a safe root directory. Specifically, we will:
- Normalize the constructed file path using `path.resolve`.
- Check that the normalized path starts with the root directory (`walletPath/solana`).
@@ -283,5 +283,9 @@ | ||
const path = `${walletPath}/solana`; | ||
const filePath = path.resolve(path, `${address}.json`); | ||
if (!filePath.startsWith(path)) { | ||
throw new Error('Invalid address path'); | ||
} | ||
|
||
const encryptedPrivateKey: string = await fse.readFile( | ||
`${path}/${address}.json`, | ||
filePath, | ||
'utf8' |
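Review bot: the added `path.resolve(path, ...)` call cannot work as written, because the first line of this hunk declares `const path = ...` as a string in the same scope, which shadows the Node `path` module, and a string has no `resolve` method. Rename the local (for example `solanaDir`) and resolve it too, so the root being compared is absolute and normalized like `filePath`. The `filePath.startsWith(path)` test is also a bare prefix match with no trailing separator, so it accepts sibling directories whose names begin with the same characters; compare against the root plus a separator, or use `path.relative` and reject results that are `..` or begin with `..` followed by a separator. Validating `address` against the expected address format before building the path would address the CodeQL finding at its source.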
(fix) solana tx
fix / solana tx costs
Before submitting this PR, please make sure:
A description of the changes proposed in the pull request:
Tests performed by the developer:
Tips for QA testing:
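The containment check that the CodeQL alert and autofix comment above describe, written out as an added example (not code from this PR or the project). The helper names, the sample root and the assumption that wallet files are named after base58 public keys are illustrative; `prefixCheck` is included only to contrast a bare prefix match with the `path.relative` test.

```javascript
const path = require('node:path');

// Assumption: wallet files are named after base58-encoded 32-byte public keys,
// i.e. 32 to 44 characters from the base58 alphabet (no 0, O, I or l).
const BASE58_ADDRESS = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;

// True only when `candidate` resolves to a location strictly below `root`.
function isInside(root, candidate) {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return (
    rel !== '' &&                       // the root itself is not a file in it
    rel !== '..' &&
    !rel.startsWith('..' + path.sep) && // route climbs out of root
    !path.isAbsolute(rel)               // e.g. a different drive on Windows
  );
}

// Bare prefix comparison, kept for contrast: it also matches sibling
// directories whose names merely begin with the root's name.
function prefixCheck(root, candidate) {
  return path.resolve(candidate).startsWith(path.resolve(root));
}

// Hypothetical helper: absolute path of <walletPath>/solana/<address>.json.
function resolveWalletFile(walletPath, address) {
  // Allow-list first: a value that is not a plausible address never
  // reaches the filesystem API.
  if (typeof address !== 'string' || !BASE58_ADDRESS.test(address)) {
    throw new Error('Invalid address');
  }
  const solanaDir = path.resolve(walletPath, 'solana'); // not named `path`
  const filePath = path.resolve(solanaDir, `${address}.json`);
  // Defence in depth: still confirm the resolved file stays under the root.
  if (!isInside(solanaDir, filePath)) {
    throw new Error('Invalid address path');
  }
  return filePath;
}

// Constructed sample values, for illustration only.
const SAMPLE_ROOT = '/data/wallets';
const SAMPLE_ADDRESS = '1'.repeat(32);
```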