
Bridgelink development fix 01#92

Open
jlodew0 wants to merge 2 commits intoInnovar-Healthcare:bridgelink_developmentfrom
jlodew0:bridgelink_development_fix_01

Conversation


@jlodew0 jlodew0 commented Nov 12, 2025

No description provided.

jlodew0 and others added 2 commits November 12, 2025 21:12
…jection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@jlodew0 jlodew0 closed this Nov 12, 2025
@jlodew0 jlodew0 reopened this Nov 12, 2025
@jlodew0 jlodew0 marked this pull request as draft November 12, 2025 20:18
@jlodew0 jlodew0 marked this pull request as ready for review November 12, 2025 20:18

@jlodew0 jlodew0 left a comment


ok

@Innovarzweng
Collaborator

@jlodew0 Thanks for submitting this PR.
Would you please provide the description of this PR so that Innovar team can review?

Thanks,
Jim


jlodew0 commented Feb 3, 2026

@jlodew0 Thanks for submitting this PR. Would you please provide the description of this PR so that Innovar team can review?

Thanks, Jim

Hi Jim,

Thanks for the message. It’s been quite a while since I last looked at this, so I had to refresh my memory a bit 🙂

PR #92 came out of a moment where I was looking into the GitHub code scanning alerts that were reported back then. The two main things I tried to address were:

  • A potential path traversal issue around how rootFolder and baseFolder are handled.
  • The scanner complaining about possible injection risks in filePattern.

The intent wasn’t to redesign functionality, but more to put in some guardrails to quiet those findings. In hindsight, I agree that especially the filePattern change is probably too strict and could break existing configurations that rely on dynamic filenames. Same story for the strict “subdirectory only” check — that’s arguably more of a policy choice than a hard requirement.

So yeah, happy to admit this was more of a defensive/security-driven change than a fully thought-through functional one. If BridgeLink still needs something in this area, I’m happy to explain what I was aiming for or adjust the approach.

Kind regards,

Jo
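The comment above describes two guardrails: a containment check on how rootFolder and baseFolder are handled, and a "subdirectory only" rule that the author concedes is a policy choice. The following is an added, language-agnostic illustration of that containment check; it is not code from this PR or from the BridgeLink code base, and the function names, the rootFolder/baseFolder interpretation (rootFolder as the hard boundary, baseFolder as a configured folder beneath it, the file name as a runtime value) and the sample paths are all assumptions constructed for the example.

```python
"""Canonical-path containment check (constructed example, not project code)."""
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a resolved path escapes the folder it must stay inside."""


def resolve_contained(base: str, untrusted: str, *, strict_subdir: bool = False) -> Path:
    """Return the canonical path of ``untrusted`` joined under ``base``.

    Both sides are canonicalised with Path.resolve(), which collapses '.'
    and '..' components and follows any symlinks that exist on disk, so the
    comparison is made on real locations rather than on raw strings.
    An absolute ``untrusted`` value replaces ``base`` during the join and
    therefore fails the containment test unless it already lies inside.
    """
    base_path = Path(base).resolve()
    candidate = (base_path / untrusted).resolve()
    try:
        candidate.relative_to(base_path)
    except ValueError as exc:
        raise PathTraversalError(f"{untrusted!r} resolves outside {base}") from exc
    # Whether the base folder itself is an acceptable target is a policy
    # decision (the "subdirectory only" rule discussed in the PR), so it is
    # exposed as a flag rather than hard-coded.
    if strict_subdir and candidate == base_path:
        raise PathTraversalError(f"{untrusted!r} resolves to the base folder itself")
    return candidate


def resolve_reader_target(root_folder: str, base_folder: str, file_name: str) -> Path:
    """Two-level check modelled on the rootFolder/baseFolder split (assumed meaning).

    root_folder is the hard boundary, base_folder a configured folder that
    must itself sit under it, and file_name a value discovered or supplied
    at runtime that must stay under base_folder.
    """
    base = resolve_contained(root_folder, base_folder)
    return resolve_contained(base, file_name)


def is_contained(base: str, untrusted: str, *, strict_subdir: bool = False) -> bool:
    """Boolean form of resolve_contained for callers that only need a verdict."""
    try:
        resolve_contained(base, untrusted, strict_subdir=strict_subdir)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed paths; they do not need to exist on disk for the check to run.
    root = "/var/bridgelink/channels"
    for name in ("inbound/msg.hl7", "../../../etc/passwd", "/etc/passwd",
                 "inbound/../inbound/x.txt", "."):
        print(f"{name!r:32} -> {is_contained(root, name)}")
```

The check compares canonical paths instead of string prefixes, so `/var/bridgelink/channels-old` is correctly rejected as a sibling of the base rather than accepted because it shares a prefix. The `strict_subdir` flag separates the hard containment requirement from the stricter policy the PR author mentions, so a deployment that reads files directly from the base folder can opt out without weakening the traversal check.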
