fix(security): autofix Potential file inclusion attack via reading file

aikido-autofix[bot] · web-flow · commit 03f95f1fee2b · 2026-03-24T23:54:59.000Z
diff --git a/hotdata/api_client.py b/hotdata/api_client.py
@@ -554,6 +554,8 @@ def files_parameters(
         params = []
         for k, v in files.items():
             if isinstance(v, str):
+                if '..' in v:
+                    raise Exception('Invalid file path')
                 with open(v, 'rb') as f:
                     filename = os.path.basename(f.name)
                     filedata = f.read()
