Vulnerability raised by Security

Hi,

Our security dept have raised a security concern about a path getting mentioned in the HTML of the home page.
Issue statement: "Windows specific file path was detected in the response."

Following are the string present in respponse:
file:/Users/camsaul/bird_sightings/toucans
placeholder : /home/camsaul/toucan_sightings.sqlite

Strange is that, the question raised is about the windows file path. But Metabase is installed on LINUX.

Now i want to know where is this path pointing to and what is stored at this point?

Thanks in advance.

Hi @abhiec
That's a false positive. It's not a Windows-path, which uses back-slash for paths. And it's a placeholder reference, it's not a real place - just like person@example.com is not a real email address

Hi @flamber,

Thank you very much for a quick reply.

So will it be fine if we mask this string in the source code?

Thanks again.

@abhiec You can do anything you want, since it's just a placeholder, but given it's a false-positive, then I would just mark it as that in your "security check" and move on.