sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

fix: safe uploads, AI history continuity, deep search, sudo credentials #55

Merged
sarman merged 19 commits from fix/safe-uploads-history-search-sudo into master 2026-05-31 20:52:32 +00:00
Conversation 0 Commits 19 Files Changed 14 +2
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit cf1d5adb83 - Show all commits

2
src-tauri/src/commands/analysis.rs
View File

@ -108,6 +108,8 @@ fn extract_docx_text(path: &Path) -> Result<String, String> {
zip::ZipArchive::new(file).map_err(|e| format!("Failed to open as ZIP/DOCX: {e}"))?;
let mut xml_content = String::new();
{
// Safety: only one hardcoded entry is ever accessed; no arbitrary path extraction is
// performed, so zip-slip path traversal attacks cannot apply here.
let mut doc_xml = archive
.by_name("word/document.xml")
.map_err(|_| "Not a valid DOCX: missing word/document.xml".to_string())?;