Adds absolute path check for dashboard config
What does this MR do and why?
It adds an absolute path check when loading the dashboard configuration file, to avoid path traversal.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
How to set up and validate locally
- In the Rails console, try the code below:
DASHBOARD_ROOT_LOCATION = ".gitlab/analytics/dashboards"
ProductAnalytics::Dashboard.load_yaml_dashboard_config("/tmp/web-app/foo", DASHBOARD_ROOT_LOCATION)
Related to #433134
Edited by Surabhi Suman
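The kind of check this MR describes, as an added example that is not GitLab's code and not part of the MR: a lexical containment check for a dashboard config name. The helper names (`resolve_dashboard_config`, `rejected?`, `UnsafeDashboardPath`) and the `/repo` base directory are assumptions for illustration; symlink resolution is out of scope here.

```ruby
require 'pathname'

# Hypothetical error class and helpers for illustration only.
class UnsafeDashboardPath < StandardError; end

DASHBOARD_ROOT_LOCATION = '.gitlab/analytics/dashboards' # value from the MR description

# Resolve a dashboard config name under the dashboard root.
# Raises UnsafeDashboardPath for absolute paths and for names that
# normalise to a location outside the root. `base` is an assumed
# repository checkout directory; nothing is read from disk.
def resolve_dashboard_config(name, root = DASHBOARD_ROOT_LOCATION, base: '/repo')
  raise UnsafeDashboardPath, 'name must be a String' unless name.is_a?(String)
  raise UnsafeDashboardPath, 'NUL byte in name' if name.include?("\0")
  # The absolute path check: an absolute name ignores the root entirely.
  raise UnsafeDashboardPath, 'absolute path not allowed' if Pathname.new(name).absolute?

  root_abs  = File.expand_path(root, base)
  candidate = File.expand_path(File.join(root, name), base) # collapses "." and ".."

  # Compare against root + separator so that a sibling directory such as
  # "dashboards_evil" does not pass a plain prefix comparison.
  unless candidate.start_with?(root_abs + File::SEPARATOR)
    raise UnsafeDashboardPath, "path escapes #{root}"
  end

  candidate
end

# True when the name is refused by the check above.
def rejected?(name)
  resolve_dashboard_config(name)
  false
rescue UnsafeDashboardPath
  true
end

# Constructed sample inputs; the second one is the value from the MR description.
['foo/foo.yaml', '/tmp/web-app/foo', '../../../config/secrets.yml',
 '../dashboards_evil/x.yaml', 'a/../b.yaml'].each do |name|
  puts format('%-30s %s', name, rejected?(name) ? 'rejected' : 'allowed')
end
```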