Commit f8fda2d

Add annotation
1 parent 55bf226 commit f8fda2d

2 files changed: +13 -0 lines changed

cursor/rules/conversation-log.txt

Lines changed: 9 additions & 0 deletions
@@ -33,3 +33,12 @@ Assistant: Added a step-by-step guide for fast challenge creation to project-spe
3333

3434
User: can you store our conversation next to it in cursor/rules as a text file?
3535
Assistant: (this file)
36+
37+
User: challenge56 seems to have a path traversal issue, can you annotate or fix it?
38+
Assistant: Added comments and a runtime check to restrict file access to the cursor/rules directory, and annotated the code with warnings about path traversal risk.
39+
40+
User: can you add SuppressFBWarnings to getActualSecret ?
41+
Assistant: Added @SuppressFBWarnings annotation to getActualSecret with justification for educational context.
42+
43+
User: can you update the conversation history file?
44+
Assistant: (this file)
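Review bot: The entry added at log line 37 says a runtime check now restricts file access to the cursor/rules directory, but the annotation added to Challenge56.java in this same commit justifies suppressing PATH_TRAVERSAL_IN as "Intentional for educational purposes". The two statements describe different states: either the path is constrained or the traversal is deliberately left open. Suggest rewording one of them so the log and the justification agree, since this log is stored next to the project rules in cursor/rules and will be read as a record of what the code does.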

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge56.java

Lines changed: 4 additions & 0 deletions
@@ -3,6 +3,7 @@
33
import static org.owasp.wrongsecrets.Challenges.ErrorResponses.FILE_MOUNT_ERROR;
44

55
import com.google.common.base.Strings;
6+
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
67
import java.nio.charset.StandardCharsets;
78
import java.nio.file.Files;
89
import java.nio.file.Path;
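Review bot: The new import of edu.umd.cs.findbugs.annotations.SuppressFBWarnings at line 6 needs the SpotBugs annotations artifact on the compile classpath, and this commit changes only two files, neither of which is a build file. Please confirm the dependency is already declared for this module, otherwise Challenge56 will not compile.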
@@ -36,6 +37,9 @@ public boolean answerCorrect(String answer) {
3637
return !Strings.isNullOrEmpty(answer) && getActualSecret().equals(answer.trim());
3738
}
3839

40+
@SuppressFBWarnings(
41+
value = "PATH_TRAVERSAL_IN",
42+
justification = "Intentional for educational purposes in this challenge; see documentation.")
3943
private String getActualSecret() {
4044
if (Strings.isNullOrEmpty(actualSecret)) {
4145
try {
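Review bot: The suppression at lines 40-42 is method-wide, so any file access later added to getActualSecret() will also be silenced for PATH_TRAVERSAL_IN, and the justification's "see documentation" does not say which document. Suggest naming the specific challenge documentation in the justification and stating what bounds the path (the conversation log in this commit mentions a runtime check limited to cursor/rules), so a reader can tell the finding was reviewed rather than just hidden.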
