security: URL/path/JWT validation + proxy warning (APS-19008 partial / 19010 / 19011) #1141

Open
Rohannagariya1 wants to merge 1 commit into master from security/cypress-cli-safe-subset

security: validate override/response URLs, config path, JWT; warn on …

e578fad
GitHub Advanced Security / Semgrep OSS succeeded Jul 2, 2026 in 5s

4 new alerts

New alerts in code changed by this pull request

  • 4 warnings

See annotations below for details.

Annotations

Check warning on line 61 in bin/helpers/securityValidation.js

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 62 in bin/helpers/securityValidation.js

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 62 in bin/helpers/securityValidation.js

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 42 in bin/helpers/utils.js

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.