#SecureCodeReview always fills me with either disappointment or excitement. It's a good exercise reading someone else's code and trying to best them in a match of wits (by finding a missed security issue). But occasionally I see sloppy code that is so clearly LLM-regurgitated #copypasta that I feel a little sick.
Just caught a low-risk Path Traversal vulnerability that has been in there for years, and we missed it the last time this area was reviewed. 😎