Severity
Low
Description
Accesses the file system, and could potentially read sensitive data.
Suggestion
If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.
Packages with this alert
Check if a file exists without try catch
Creates a list of file extensions and their "real" names
Create a handy list of redundantly-named file-files
integration tests for filefog providers