I have a Phoenix endpoint which allows users to upload a file, and the system will ingest the file's contents:
```elixir
def ingest_csv(conn, %{"csv" => %Plug.Upload{} = upload}) do
  csv_data = upload.path |> File.stream!() |> CSV.parse_stream() |> Enum.to_list()
  # ...
end
```
Sobelow is flagging this:

```
Traversal.FileModule: Directory Traversal in File.stream!- High Confidence
Ensure that the path passed to File functions is not user-controlled.
```
It seems it is flagging this because the file path is coming from the external environment.
So how else can I implement this feature without triggering Sobelow?
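
One way to handle the finding, as an added example that is not part of the original post: confine the path to the temp directory before streaming it, and record the reviewed finding with Sobelow's skip annotation. `UploadIngest` and its functions are hypothetical names, and the example assumes Plug writes uploads under `System.tmp_dir!/0` (adjust the root if `PLUG_TMPDIR` points elsewhere).

```elixir
defmodule UploadIngest do
  @moduledoc """
  Added example (hypothetical module, not from the post).
  In the controller: `{:ok, stream} = UploadIngest.stream_upload(upload.path)`,
  then pipe `stream` into the CSV parser as before.
  """

  # Assumption: uploads are written below System.tmp_dir!/0.
  @spec confine_to_tmp(Path.t()) :: {:ok, Path.t()} | {:error, :outside_tmp_dir}
  def confine_to_tmp(path) when is_binary(path) do
    tmp_root = Path.expand(System.tmp_dir!())
    # Path.expand/1 collapses "." and ".." segments (it does not resolve symlinks).
    expanded = Path.expand(path)

    if String.starts_with?(expanded, tmp_root <> "/") and File.regular?(expanded) do
      {:ok, expanded}
    else
      {:error, :outside_tmp_dir}
    end
  end

  # Sobelow is a static check, so the runtime guard above does not by itself
  # clear the finding. The annotation below marks it as reviewed; it takes
  # effect when the scan is run as `mix sobelow --skip`.
  @spec stream_upload(Path.t()) :: {:ok, Enumerable.t()} | {:error, :outside_tmp_dir}
  # sobelow_skip ["Traversal.FileModule"]
  def stream_upload(path) do
    with {:ok, safe_path} <- confine_to_tmp(path) do
      {:ok, File.stream!(safe_path)}
    end
  end
end
```

The client-supplied `upload.filename` is a separate value from `upload.path` and should never be used to build a path.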