cloudinary-cli
                        Insecure code in cloudinary-cli/modules/upload_dir.py
Bug report for Cloudinary CLI
There were a few areas where security could be a concern:
Input Sanitization and Validation:
The code doesn't appear to have extensive input validation or sanitization for user-provided arguments and options. This could potentially lead to issues like code injection or unexpected behavior if malicious input is provided.
# Example of user input that could be potentially risky without validation/sanitization
uploads.append((file_path, {**options, **folder_options}, items, skipped))
…
Issue Type (Can be multiple)
- [ ] Build - Cannot install or import the SDK
- [x] Performance - Performance issues
- [ ] Behaviour - Functions are not working as expected (such as generate URL)
- [ ] Documentation - Inconsistency between the docs and behaviour
- [ ] Other (Specify)
Operating System
- [ ] Linux
- [ ] Windows
- [ ] macOS
- [x] All
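The report above asks for validation of user-supplied arguments and options before they are queued for upload. As an added example, not code from cloudinary-cli, the block below sketches what such a check could look like: an allow-list of option names, shape checks on the values, and a containment check on the file path so that a path (or symlink) that resolves outside the directory being uploaded is rejected. The option names, the regular expressions and the `upload_root` parameter are assumptions chosen for illustration and do not claim to mirror the CLI's real interface or the upload API's real parameter set.

```python
"""Added validation example for upload options and file paths (not cloudinary-cli code)."""
import os
import re
from typing import Any

# Constructed allow-list for this example only; the real upload API accepts
# many more parameters, and this set does not claim to mirror them.
ALLOWED_OPTION_KEYS = {"folder", "public_id", "tags", "overwrite", "resource_type"}
ALLOWED_RESOURCE_TYPES = {"image", "video", "raw", "auto"}
# Hypothetical identifier shape: slash-separated segments of safe characters.
IDENTIFIER_RE = re.compile(r"^[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)*$")
TAG_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


class InvalidUploadOptions(ValueError):
    """Raised when user-supplied options or paths fail validation."""


def _check_identifier(name: str, value: Any) -> str:
    """Accept only a bounded, character-restricted path-like string without '.' or '..' segments."""
    if not isinstance(value, str) or len(value) > 255 or not IDENTIFIER_RE.fullmatch(value):
        raise InvalidUploadOptions(f"{name} is malformed: {value!r}")
    if any(seg in (".", "..") for seg in value.split("/")):
        raise InvalidUploadOptions(f"{name} contains a relative segment: {value!r}")
    return value


def validate_options(options: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of `options` restricted to allow-listed keys with well-formed values."""
    unknown = set(options) - ALLOWED_OPTION_KEYS
    if unknown:
        raise InvalidUploadOptions(f"unknown option(s): {sorted(unknown)}")
    clean = dict(options)
    for key in ("folder", "public_id"):
        if key in clean:
            _check_identifier(key, clean[key])
    if "tags" in clean:
        tags = clean["tags"]
        if not isinstance(tags, list) or not all(isinstance(t, str) and TAG_RE.fullmatch(t) for t in tags):
            raise InvalidUploadOptions(f"tags must be a list of simple strings: {tags!r}")
    if "overwrite" in clean and not isinstance(clean["overwrite"], bool):
        raise InvalidUploadOptions(f"overwrite must be a boolean: {clean['overwrite']!r}")
    if "resource_type" in clean and clean["resource_type"] not in ALLOWED_RESOURCE_TYPES:
        raise InvalidUploadOptions(f"unsupported resource_type: {clean['resource_type']!r}")
    return clean


def validate_file_path(file_path: str, upload_root: str) -> str:
    """Resolve `file_path` under `upload_root` (following symlinks) and reject escapes."""
    real_root = os.path.realpath(upload_root)
    # join() discards real_root when file_path is absolute, so absolute paths are checked too.
    real_path = os.path.realpath(os.path.join(real_root, file_path))
    # commonpath, not startswith: "/srv/uploads2/x" must not pass for root "/srv/uploads".
    if os.path.commonpath([real_root, real_path]) != real_root:
        raise InvalidUploadOptions(f"{file_path!r} resolves outside {upload_root!r}")
    return real_path


def build_upload_entry(file_path: str, upload_root: str,
                       options: dict[str, Any], folder_options: dict[str, Any]) -> tuple:
    """Validate the merged options and the path before anything reaches the upload queue."""
    merged = validate_options({**options, **folder_options})
    return (validate_file_path(file_path, upload_root), merged)


def is_rejected(func, *args, **kwargs) -> bool:
    """True if `func` raises InvalidUploadOptions for these arguments (used by the checks)."""
    try:
        func(*args, **kwargs)
    except InvalidUploadOptions:
        return True
    return False
```

The merge order `{**options, **folder_options}` is kept from the quoted line so that per-folder settings still win, but the merged result is validated as a whole, which is the point: validating the two sources separately would not catch a folder-level option overriding a command-line one with a bad value.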
Hey @simran-sankhala I can work on this issue.
Thank you for assigning me, I will get back to you asap when I am ready with the solution. Also, will this PR be counted under the https://cloudinary.com/blog/hacktoberfest-celebrate-open-source-sdks ?
@HeetVekariya, before you begin this, there is already a pull request opened by @simran-sankhala that needs to be reviewed. If that PR is invalid and the issue opens up, you're welcome to submit a PR yourself.
This issue has also not been reviewed by the team to determine if it's needed, so we'll need to wait to hear back as well.
@colbyfayock is this still valid?
@gagandeepp, looks like the guy who originally opened a PR (@simran-sankhala) is not responding; feel free to take his PR, fix all the issues and submit yours.
This is the PR: https://github.com/cloudinary/cloudinary-cli/pull/80
@colbyfayock @const-cloudinary, do you want me to work on a separate branch or update the changes on this branch itself?
@gagandeepp, yes, you can fork it and submit your changes.