actix::NamedFile::open(..)
RS-S1014
Use of actix::NamedFile::open(..) with non-validated user input can lead to a path traversal vulnerability, i.e., a vulnerability that may expose private files on the server.
Consider sanitizing all the parameters of a function before using them with high-risk functions like actix::NamedFile::open(..).
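// Flagged: `path` reaches open(..) without any validation.
fn foo(path: &Path) -> impl Response {
    actix::NamedFile::open(path)
}

// Preferred: `path` is sanitized before open(..) sees it.
fn foo(path: &Path) -> impl Response {
    actix::NamedFile::open(sanitize(path))
}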
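
The page does not define sanitize. The block below is an added example, not code from the original page or from actix, showing one possible shape for it: a lexical check that confines a requested path to a base directory. The two-argument signature, the root directory /srv/static and the sample requests are assumptions constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical `sanitize`: returns a path that stays under `root`,
/// or None when the request would leave it.
pub fn sanitize(root: &Path, requested: &str) -> Option<PathBuf> {
    // NUL bytes and backslashes are rejected outright: on Unix, Path does not
    // split on '\', so "..\\x" would otherwise pass as one normal segment.
    if requested.contains('\0') || requested.contains('\\') {
        return None;
    }
    let mut out = PathBuf::from(root);
    let mut depth = 0usize;
    for comp in Path::new(requested).components() {
        match comp {
            Component::Normal(seg) => {
                out.push(seg);
                depth += 1;
            }
            Component::CurDir => {}
            // `..`, a leading `/` or a drive prefix would escape or replace `root`.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    // An empty request names the directory itself, not a file to serve.
    if depth == 0 { None } else { Some(out) }
}

fn main() {
    let root = Path::new("/srv/static"); // constructed base directory
    // Constructed sample requests: two benign, four that must be refused.
    let samples = ["css/site.css", "./img/logo.png", "../../etc/passwd",
                   "/etc/passwd", "a/../../b", ""];
    for req in samples {
        println!("{:?} -> {:?}", req, sanitize(root, req));
    }
}
```

This check is purely lexical, so it does not follow symlinks inside the base directory, and it expects input that has already been URL-decoded.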