From c9b9a51dc81467e8c0530dee0c52ee70786b621b Mon Sep 17 00:00:00 2001
From: bitterpanda
Date: Tue, 10 Feb 2026 13:32:46 +0100
Subject: [PATCH] Add /app and /code as unsafe path starts
---
 .../path_traversal/detect_path_traversal_test.py | 2 ++
 aikido_zen/vulnerabilities/path_traversal/unsafe_path_start.py | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/aikido_zen/vulnerabilities/path_traversal/detect_path_traversal_test.py b/aikido_zen/vulnerabilities/path_traversal/detect_path_traversal_test.py
index 60195d5c6..2937d6741 100644
--- a/aikido_zen/vulnerabilities/path_traversal/detect_path_traversal_test.py
+++ b/aikido_zen/vulnerabilities/path_traversal/detect_path_traversal_test.py
@@ -68,6 +68,8 @@ def test_user_input_is_longer_than_file_path():
 def test_absolute_linux_path():
 assert detect_path_traversal("/etc/passwd", "/etc/passwd") is True
+ assert detect_path_traversal("/home/binaries/test", "/home/binaries") is True
+ assert detect_path_traversal("/app/.env", "/app/.env") is True
 def test_linux_user_directory():
diff --git a/aikido_zen/vulnerabilities/path_traversal/unsafe_path_start.py b/aikido_zen/vulnerabilities/path_traversal/unsafe_path_start.py
index 7e6868cd5..e434b4d08 100644
--- a/aikido_zen/vulnerabilities/path_traversal/unsafe_path_start.py
+++ b/aikido_zen/vulnerabilities/path_traversal/unsafe_path_start.py
@@ -20,6 +20,9 @@
 "/tmp/",
 "/usr/",
 "/var/",
+ # More common in docker apps :
+ "/app/",
+ "/code/",
 ]
 # List of dangerous path starts, including Windows paths
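Review bot: The new assertions in test_absolute_linux_path cover the "/app/" prefix but not "/code/", which the same commit adds to the unsafe-path-start list, so a later change that drops "/code/" would still pass the suite; I would add `assert detect_path_traversal("/code/.env", "/code/.env") is True` next to the "/app/.env" line. The "/home/binaries/test" case looks unrelated to the container roots this commit is about; if it exercises an entry that already exists earlier in the list, a one-line comment saying which would help the next reader. The argument order of detect_path_traversal is not visible in this hunk, so the proposed line mirrors the existing "/etc/passwd" call.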
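Review bot: The comment `# More common in docker apps :` above the new "/app/" and "/code/" entries says where these paths come from but not why they belong in a dangerous-path list, and it has a stray space before the colon. I would replace it with `# Conventional working-directory roots in container images; an absolute path here usually reaches application source or config such as .env, so treat it like the system directories above.` Because the list presumably drives a prefix match, the trailing slash on both entries is what keeps e.g. "/application/..." from being flagged, and a short note that the slash is deliberate would prevent someone trimming it later. Applications that legitimately accept absolute paths under their own root will see new findings from these entries, which is worth a line in the changelog. The enclosing list starts before this hunk, so I cannot see how its entries are consumed.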