Update RTEDemoApi.js #2767

inkz · 2025-02-26T23:45:32Z

This PR adds a path.resolve check to mitigate path traversal vulnerabilities. Previously, user-controlled input could potentially allow unauthorized file access by using ../ sequences.

Description:

Issue link:

QA notes:

This PR adds a `path.resolve` check to mitigate path traversal vulnerabilities. Previously, user-controlled input could potentially allow unauthorized file access by using `../` sequences.

github-actions · 2025-02-27T15:30:12Z

Generated by: track-bundle-size
Generated at: Thu, 27 Feb 2025 15:29:07 GMT
Bundle size diff (in kBytes). Not gzipped. Both CSS & JS included.
Baseline: v5.12.1 (2025-01-23)
CI Status: ok

Module	Baseline Size (v5.12.1)	Size	Diff	Within Threshold	Threshold (min - max)
templateApp	777.31	769.42	-7.9 `js:-4.72` `css:-3.17`	🆗	699.58 - 855.04
@epam/app	5897.25	5849.3	-47.95 `js:-48.25` `css:+0.31`	🆗	5307.52 - 6486.97
@epam/draft-rte	52.91	52.94	+0.03 `js:+0.01` `css:+0.02`	🆗	47.62 - 58.21
@epam/electric	4.58	4.58	0 `js:0` `css:0`	🆗	4.12 - 5.04
@epam/promo	55.18	55.18	0 `js:0` `css:0`	🆗	49.67 - 60.7
@epam/uui-extra	0.21	0.21	0 `js:0` `css:0`	🆗	0.19 - 0.23
@epam/loveship	90.32	90.32	-0.01 `js:+0` `css:-0.01`	🆗	81.29 - 99.36
@epam/uui-components	253.98	253.77	-0.2 `js:-0.21` `css:+0.01`	🆗	228.58 - 279.37
@epam/uui-core	316.89	317.12	+0.23 `js:+0.23` `css:0`	🆗	285.2 - 348.58
@epam/uui-db	41.63	41.63	0 `js:0` `css:0`	🆗	37.47 - 45.8
@epam/uui-docs	175.78	175.77	-0.01 `js:0` `css:-0.01`	🆗	158.2 - 193.36
@epam/uui-editor	173.57	173.55	-0.02 `js:-0.01` `css:-0.01`	🆗	156.21 - 190.93
@epam/uui-timeline	75.5	75.49	-0.01 `js:0` `css:0`	🆗	67.95 - 83.05
@epam/uui	608.41	609.14	+0.74 `js:+0.52` `css:+0.22`	🆗	547.56 - 669.25

new sizes (raw)

To set the sizes as a new baseline, you can copy/paste next content to the uui-build/config/bundleSizeBaseLine.json and commit the file.

{
  "version": "5.13.1",
  "timestamp": "2025-02-27",
  "sizes": {
    "templateApp": {
      "css": 308732,
      "js": 479146
    },
    "@epam/app": {
      "css": 740692,
      "js": 5248989
    },
    "@epam/draft-rte": {
      "css": 9789,
      "js": 44422
    },
    "@epam/electric": {
      "css": 2275,
      "js": 2416
    },
    "@epam/promo": {
      "css": 47375,
      "js": 9133
    },
    "@epam/uui-extra": {
      "css": 0,
      "js": 213
    },
    "@epam/loveship": {
      "css": 53343,
      "js": 39147
    },
    "@epam/uui-components": {
      "css": 22666,
      "js": 237202
    },
    "@epam/uui-core": {
      "css": 0,
      "js": 324731
    },
    "@epam/uui-db": {
      "css": 0,
      "js": 42633
    },
    "@epam/uui-docs": {
      "css": 2447,
      "js": 177542
    },
    "@epam/uui-editor": {
      "css": 12732,
      "js": 164986
    },
    "@epam/uui-timeline": {
      "css": 2199,
      "js": 75105
    },
    "@epam/uui": {
      "css": 286835,
      "js": 336930
    }
  }
}

Generated by: generate-components-api
CI Status: ok

Total amount of exported types/props without JSDoc comments

	Amount
Types	302 (+0) 🆗
Props	233 (+0) 🆗

AlekseyManetov · 2025-02-27T16:22:25Z

@inkz Thanks for the fix!

Update RTEDemoApi.js

69a6b2b

This PR adds a `path.resolve` check to mitigate path traversal vulnerabilities. Previously, user-controlled input could potentially allow unauthorized file access by using `../` sequences.

AlekseyManetov merged commit fe5bbb1 into epam:main Feb 27, 2025
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update RTEDemoApi.js #2767

Update RTEDemoApi.js #2767

inkz commented Feb 26, 2025

github-actions bot commented Feb 27, 2025

AlekseyManetov commented Feb 27, 2025

Update RTEDemoApi.js #2767

Update RTEDemoApi.js #2767

Conversation

inkz commented Feb 26, 2025

Description:

Issue link:

QA notes:

github-actions bot commented Feb 27, 2025

AlekseyManetov commented Feb 27, 2025