The code uses outputpath to determine Parquet file locations without proper validation. If outputpath is user-controlled, an attacker could write files to arbitrary directories (e.g., via path traversal). The current length check in clean_up is insufficient for security.
Originating from Pull Request #2
The code uses outputpath to determine Parquet file locations without proper validation. If outputpath is user-controlled, an attacker could write files to arbitrary directories (e.g., via path traversal). The current length check in clean_up is insufficient for security.
Originating from Pull Request #2