From 03f95f1fee2b6befec25b0a5e32779ae0c86c435 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Tue, 24 Mar 2026 23:54:59 +0000
Subject: [PATCH] fix(security): autofix Potential file inclusion attack via reading file
---
 hotdata/api_client.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hotdata/api_client.py b/hotdata/api_client.py
index 7af72f2..58e44c6 100644
--- a/hotdata/api_client.py
+++ b/hotdata/api_client.py
@@ -554,6 +554,8 @@ def files_parameters(
 params = []
 for k, v in files.items():
 if isinstance(v, str):
+ if '..' in v:
+ raise Exception('Invalid file path')
 with open(v, 'rb') as f:
 filename = os.path.basename(f.name)
 filedata = f.read()
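Review bot: The added `if '..' in v:` test in `files_parameters` is a substring match, so it lets absolute paths and symlinked locations through unchanged while rejecting legitimate names that merely contain two dots, such as `export..old.csv`; the path handed to `open(v, 'rb')` is still whatever the caller supplies. If the intent is to refuse parent-directory components, compare path components instead, e.g. `if '..' in v.replace('\\', '/').split('/'):`, and raise a specific type such as `raise ValueError(f'Invalid file path: {v!r}')` rather than a bare `Exception`, which callers cannot catch selectively. Whether confinement is needed at all depends on whether `files` values can come from untrusted input, which is not visible here; if they can, resolving the path and checking it against an allowed base directory is the stronger control, and that requirement deserves a comment at this check. The body of `files_parameters` starts and ends outside this hunk.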