Fix code scanning alert deepmodeling#725: Uncontrolled data used in p…

…ath expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Jinzhe Zeng <[email protected]>
njzjz · Sep 18, 2024 · bcd9a6a · bcd9a6a
1 parent ba9f02f
commit bcd9a6a
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/source/ipi/driver.cc b/source/ipi/driver.cc
@@ -48,13 +48,25 @@ char *trimwhitespace(char *str) {
   return str;
 }
 
+bool isValidPath(const std::string &path) {
+  if (path.find("..") != std::string::npos || path.find('/') != std::string::npos || path.find('\\') != std::string::npos) {
+    return false;
+  }
+  return true;
+}
+
 int main(int argc, char *argv[]) {
   if (argc == 1) {
     std::cerr << "usage " << std::endl;
     std::cerr << argv[0] << " input_script " << std::endl;
     return 0;
   }
 
+  if (!isValidPath(argv[1])) {
+    std::cerr << "Invalid file path." << std::endl;
+    return 1;
+  }
+
   std::ifstream fp(argv[1]);
   json jdata;
   fp >> jdata;