use instefof instead of invalid contains

lucas-zimerman · lucas-zimerman · commit aa64deaf4b72 · 2025-10-20T15:56:10.000+01:00
diff --git a/danger/dangerfile.js b/danger/dangerfile.js
@@ -196,7 +196,7 @@ async function CheckFromExternalChecks() {
       const workspaceDir = '/github/workspace';
       const customPath = `${workspaceDir}${extraDangerFilePath}`;
       
-      if (extraDangerFilePath.contains(workspaceDir)) {
+      if (extraDangerFilePath.indexOf('..') !== -1) {
         fail(`Invalid dangerfile path: ${customPath}. Path traversal is not allowed.`);
         return;
       }

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ async function CheckFromExternalChecks() {`
`196`	`196`	`const workspaceDir = '/github/workspace';`
`197`	`197`	const customPath = `${workspaceDir}${extraDangerFilePath}`;
`198`	`198`
`199`		`- if (extraDangerFilePath.contains(workspaceDir)) {`
	`199`	`+ if (extraDangerFilePath.indexOf('..') !== -1) {`
`200`	`200`	fail(`Invalid dangerfile path: ${customPath}. Path traversal is not allowed.`);
`201`	`201`	`return;`
`202`	`202`	`}`