mengww

Hello, is there any update?

Sorry for the late reply, that would be better in term of security,

Hello @VirtuBox , thanks for the reply. This could still be a security issue although this is not that critical. There is one existing [case](https://security.snyk.io/vuln/SNYK-PYTHON-OMISE-6138437), it uses `logger.info()` to print...

that could be one way. You could also directly give permissions at creation time like below which is also the [fix ](https://github.com/Backblaze/b2-sdk-python/commit/62476638986e5b6d7459aca5ef8ce220760226e0)to that known cve ``` fd = os.open( self.filename,...

Yes this looks correct

@OzzieIsaacs , thanks for the reply. Sorry for my unclear explanation. Here is a better example? Assuming an malicious user wants to upload a malicious file. In the beginning, he...

@OzzieIsaacs yes, single uploading wont execute an executable file. But it could be used to future exploitable or malicious user could use the platform to distribute malware. The solution to...