marcel/familienarchiv
1
0
Fork 0
Code Issues 107 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
429ff32edafb82cbbd2143bd2641758d9e6ddbf5
familienarchiv/backend/src
History
Marcel 429ff32eda security(import): block Unicode lookalike path separators in isValidImportFilename 
Adds checks for U+2215 DIVISION SLASH (∕), U+FF0F FULLWIDTH SOLIDUS (/),
and U+29F5 REVERSE SOLIDUS OPERATOR (⧵) — all of which bypass the existing
ASCII separator checks on Linux path resolution. Adds a clarifying comment on
the Paths.get().isAbsolute() call explaining its InvalidPathException safety
boundary. Adds 3 regression tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 10:06:49 +02:00
..
main
security(import): block Unicode lookalike path separators in isValidImportFilename
2026-05-21 10:06:49 +02:00
test
security(import): block Unicode lookalike path separators in isValidImportFilename
2026-05-21 10:06:49 +02:00