Rust

Made by DeepSource

Potential path traversal vulnerability due to actix::NamedFile::open(..) RS-S1014

Security
Major
a01 cwe-23 owasp top 10 cwe-35

Calling actix::NamedFile::open(..) on a path built from unvalidated user input can lead to a path traversal vulnerability: a request path such as `../../etc/passwd` escapes the directory you meant to serve and exposes private files on the server. NamedFile::open simply opens whatever path it is handed and performs no traversal checks of its own (in current actix-web the type lives in the actix-files crate as `actix_files::NamedFile`).

Validate every parameter before passing it to a high-risk function such as actix::NamedFile::open(..): reject absolute paths and `..` components, join the result under the directory you intend to serve, and confirm the resolved path still lies inside that directory.

Bad practice

// `path` comes straight from the request; "../../etc/passwd" is opened as-is.
fn foo(path: &Path) -> impl Response {
    actix::NamedFile::open(path)
}

Recommended

fn foo(path: &Path) -> impl Response {
    // `sanitize` rejects absolute paths and `..` and pins the result under the served directory.
    actix::NamedFile::open(sanitize(path))
}
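The page leaves `sanitize` undefined. The following is an added example of a validator that would fit that slot; it is not DeepSource's or actix's code, and the names `sanitize`, `resolve_under`, `PathError` and the served root directory are assumptions. It rejects traversal lexically (absolute paths, `..`, dotfiles, Windows separator characters) and then canonicalizes the result to catch a symlink that escapes the root, which the lexical check alone cannot see.

```rust
use std::path::{Component, Path, PathBuf};

/// Why a request path was rejected (names are this example's own, not actix's).
#[derive(Debug, PartialEq)]
pub enum PathError {
    Absolute,
    ParentDir,
    Hidden,
    BadChar,
    Empty,
    NotFound,
    Escaped,
}

/// Lexical check: accept only a relative path made of plain components and
/// return it joined under `root`. Absolute paths, drive prefixes, `..`,
/// dot-prefixed names and components containing `\` or `:` are rejected.
pub fn sanitize(root: &Path, user_path: &str) -> Result<PathBuf, PathError> {
    let mut out = root.to_path_buf();
    let mut depth = 0usize;
    for comp in Path::new(user_path).components() {
        match comp {
            Component::Normal(seg) => {
                let seg_str = seg.to_string_lossy();
                if seg_str.starts_with('.') {
                    return Err(PathError::Hidden);
                }
                // `\` is a separator and `:` a drive marker on Windows; on Unix they
                // arrive as part of a single component, so refuse them outright.
                if seg_str.contains('\\') || seg_str.contains(':') {
                    return Err(PathError::BadChar);
                }
                out.push(seg);
                depth += 1;
            }
            Component::CurDir => {}
            Component::ParentDir => return Err(PathError::ParentDir),
            Component::RootDir | Component::Prefix(_) => return Err(PathError::Absolute),
        }
    }
    if depth == 0 {
        return Err(PathError::Empty);
    }
    Ok(out)
}

/// Second line of defence: resolve symlinks on both sides and confirm the
/// file really lives under `root`. The returned path is what to hand to
/// `NamedFile::open`.
pub fn resolve_under(root: &Path, user_path: &str) -> Result<PathBuf, PathError> {
    let candidate = sanitize(root, user_path)?;
    let root_real = root.canonicalize().map_err(|_| PathError::NotFound)?;
    let real = candidate.canonicalize().map_err(|_| PathError::NotFound)?;
    if real.starts_with(&root_real) {
        Ok(real)
    } else {
        Err(PathError::Escaped)
    }
}

fn main() {
    // Constructed sample inputs; the root is a hypothetical static directory.
    let root = Path::new("/var/www/static");
    for p in ["css/site.css", "../../etc/passwd", "/etc/passwd", ".env", "a\\..\\b", ""] {
        println!("{p:?} -> {:?}", sanitize(root, p));
    }
}
```

In a handler the call becomes `NamedFile::open(resolve_under(root, &tail)?)` with the request's tail path as `tail`. The canonicalized prefix check is kept because a symlink placed inside the served directory passes the lexical check yet can point anywhere on the filesystem. The actix-files `Files` service applies a comparable lexical check to the request path before opening it; a bare `NamedFile::open` call does not.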
