From 13cd5118322b2773ec724547cb1ccead47e26c51 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Thu, 9 Apr 2026 02:19:09 +0000 Subject: [PATCH] fix: V-001 security vulnerability Automated security fix generated by Orbis Security AI --- dependency_updater/dependency_updater.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/dependency_updater/dependency_updater.go b/dependency_updater/dependency_updater.go index 56204d77a..872dd318e 100644 --- a/dependency_updater/dependency_updater.go +++ b/dependency_updater/dependency_updater.go @@ -14,6 +14,7 @@ import ( "log" "os" "os/exec" + "path/filepath" "strings" ) @@ -82,7 +83,12 @@ func updater(token string, repoPath string, commit bool, githubAction bool) erro var dependencies Dependencies var updatedDependencies []VersionUpdateInfo - f, err := os.ReadFile(repoPath + "/versions.json") + repoPath, err = filepath.Abs(repoPath) + if err != nil { + return fmt.Errorf("error resolving repo path: %s", err) + } + + f, err := os.ReadFile(filepath.Join(repoPath, "versions.json")) if err != nil { return fmt.Errorf("error reading versions JSON: %s", err) } @@ -336,7 +342,7 @@ func writeToVersionsJson(repoPath string, dependencies Dependencies) error { return fmt.Errorf("error marshaling dependencies json: %s", err) } - e := os.WriteFile(repoPath+"/versions.json", updatedJson, 0644) + e := os.WriteFile(filepath.Join(repoPath, "versions.json"), updatedJson, 0644) if e != nil { return fmt.Errorf("error writing to versions.json: %s", e) } @@ -368,7 +374,7 @@ func createVersionsEnv(repoPath string, dependencies Dependencies) error { slices.Sort(envLines) - file, err := os.Create(repoPath + "/versions.env") + file, err := os.Create(filepath.Join(repoPath, "versions.env")) if err != nil { return fmt.Errorf("error creating versions.env file: %s", err) }