Query
Relevant PR: github/codeql#6947
CVE ID(s)
Report
The query looks for situations of unsafe work with files. In the first case, validation functions are used without a guarantee that the file will not be created later. In the second case, it looks for places that work with a file whose name is predictable and where there are no restrictions on access rights.
Result(s)
I am currently working on a fix, and I will present it when it is adopted.
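The two patterns named in the report, next to their safer forms, as an added example that is not code from the PR or the query's tests. It assumes C on a POSIX system, and all function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern 1 (the kind of code the report describes): an existence check
 * followed by a separate open. Another process can create the path
 * between the two calls, so the answer from stat() may be stale. */
int create_checked_then_opened(const char *path)
{
    struct stat st;
    if (stat(path, &st) == 0)
        return -1;                      /* "already exists" */
    /* race window: nothing ties the check above to the open below */
    return open(path, O_WRONLY | O_CREAT, 0666);
}

/* Safer form of pattern 1: the kernel checks and creates in one step.
 * O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink,
 * is already at path; mode 0600 keeps the file owner-only. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Safer form of pattern 2 (predictable name, no access restrictions):
 * tmpl must end in "XXXXXX"; mkstemp() replaces it with an unpredictable
 * suffix and opens the file exclusively with owner-only permissions. */
int create_private_temp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Helper: permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (int)(st.st_mode & 0777);
}
```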