I use File.write(path) several times in my code and when I scan it by using Sobelow, it keeps raising Traversal.FileModule: Directory Traversal in File.write - Low Confidence.
Is there any appropriate way to fix it? Thank you in advance.
Try using the File.write! version:
unless File.exists?(destination) do
File.mkdir_p(Path.dirname(destination))
end
File.write!(destination, module)
How to you compose the paths? Traversal vulnerabilities are about users being able to use paths to gain access to files they shouldn’t have access to (e.g. using /../ or ~/.)
