Learning/mRemoteNG
1
0
Fork 0
mirror of https://github.com/mRemoteNG/mRemoteNG.git synced 2026-02-17 22:11:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): autofix Path traversal attack possible

Browse Source
This commit is contained in:
aikido-autofix[bot]
2025-09-16 16:09:01 +00:00
committed by GitHub
parent bd1f311d09
commit 9501bb4428
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
mRemoteNG/Config/Settings/LocalSettingsManager.cs
View File

@@ -133,6 +133,10 @@ public class LocalDBManager
{
if (!string.IsNullOrWhiteSpace(schemaFilePath) && File.Exists(schemaFilePath))
{
if (schemaFilePath == null || schemaFilePath.Contains("../") || schemaFilePath.Contains(@"..\"))
{
throw new ArgumentException("Invalid file path");
}
var schemaJson = File.ReadAllText(schemaFilePath);
using (JsonDocument doc = JsonDocument.Parse(schemaJson))
{
@@ -269,6 +273,10 @@ public void EncryptDatabase()
{
if (File.Exists(jsonFilePath))
{
if (jsonFilePath == null || jsonFilePath.Contains("../") || jsonFilePath.Contains(@"..\"))
{
throw new ArgumentException("Invalid file path");
}
var json = File.ReadAllText(jsonFilePath);
var settingsData = JsonSerializer.Deserialize<Dictionary<string, List<Setting>>>(json);
@@ -308,6 +316,10 @@ public void EncryptDatabase()
}
var json = JsonSerializer.Serialize(settingsData, new JsonSerializerOptions { WriteIndented = true });
if (jsonFilePath == null || jsonFilePath.Contains("../") || jsonFilePath.Contains(@"..\"))
{
throw new ArgumentException("Invalid file path");
}
File.WriteAllText(jsonFilePath, json);
Console.WriteLine("Settings successfully exported to JSON file.");
}