osx-sign
[Help] walkAsync function incorrectly follows symbolic links, leading to a directory traversal vulnerability
file:src/util.ts
In the current walkAsync function, using 'const stat = await fs.stat(filePath);' causes 'stat.isSymbolicLink()' to always return 'false' because stat returns the target file's metadata. I propose changing it to 'const stat = await fs.lstat(filePath);' to resolve this issue.
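
The difference between `fs.stat` and `fs.lstat` described above, as an added example that is not part of the original issue and is not osx-sign's own code. The `walk` and `demo` functions, the `Demo.app` and `outside` directories, and the file names are hypothetical, built in a temporary directory.

```javascript
// Simplified synchronous stand-in for a recursive directory walker (assumption:
// not the project's walkAsync). Every path below is constructed for the demo.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Collect regular files under dir, skipping symbolic links.
// statFn is fs.statSync (follows links) or fs.lstatSync (describes the link).
function walk(dir, statFn, found = []) {
  for (const name of fs.readdirSync(dir)) {
    const filePath = path.join(dir, name);
    const stat = statFn(filePath);
    if (stat.isSymbolicLink()) continue; // can only be true with lstat
    if (stat.isDirectory()) walk(filePath, statFn, found);
    else if (stat.isFile()) found.push(filePath);
  }
  return found;
}

function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'walk-demo-'));
  const app = path.join(root, 'Demo.app');
  const outside = path.join(root, 'outside'); // sibling of the bundle
  const link = path.join(app, 'Contents', 'link');
  fs.mkdirSync(path.join(app, 'Contents'), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(app, 'Contents', 'main'), 'inside');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'outside');
  fs.symlinkSync(outside, link, 'dir'); // link inside bundle -> outside it
  try {
    const rel = (files) => files.map((f) => path.relative(app, f)).sort();
    return {
      statSeesLink: fs.statSync(link).isSymbolicLink(),
      lstatSeesLink: fs.lstatSync(link).isSymbolicLink(),
      withStat: rel(walk(app, fs.statSync)),   // includes the outside file
      withLstat: rel(walk(app, fs.lstatSync)), // stays inside the bundle
    };
  } finally {
    fs.rmSync(root, { recursive: true, force: true });
  }
}

console.log(demo());
```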