Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve workflow package #802

Merged
merged 21 commits into from
Dec 13, 2023

Minor refactoring

1d86ee9
Select commit
Loading
Failed to load commit list.
Merged

Improve workflow package #802

Minor refactoring
1d86ee9
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed Dec 13, 2023 in 2s

4 new alerts including 3 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 3 high

Other Alerts:

  • 1 note

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 135 in baremaps-core/src/main/java/org/apache/baremaps/workflow/tasks/DecompressFile.java

See this annotation in the file changed.

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a file system operation.

Check failure on line 162 in baremaps-core/src/main/java/org/apache/baremaps/workflow/tasks/DecompressFile.java

See this annotation in the file changed.

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a file system operation.

Check failure on line 188 in baremaps-core/src/main/java/org/apache/baremaps/workflow/tasks/DecompressFile.java

See this annotation in the file changed.

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.

Check notice on line 76 in baremaps-core/src/main/java/org/apache/baremaps/workflow/WorkflowContext.java

See this annotation in the file changed.

Code scanning / CodeQL

Useless parameter Note

The parameter 'path' is never used.