Merge pull request #22 from hotdata-dev/fix/aikido-security-sast-20534215-krot

[Aikido] AI Fix for Potential file inclusion attack via reading file

Author: eddietejeda

hotdata/api_client.py

@@ -554,6 +554,8 @@ def files_parameters(
         params = []
         for k, v in files.items():
             if isinstance(v, str):
+                if '..' in v:
+                    raise Exception('Invalid file path')
                 with open(v, 'rb') as f:
                     filename = os.path.basename(f.name)
                     filedata = f.read()