Since the Guid
is the only thing passed in, and a Guid
cannot be of the form ..\..\
, I think you would be safe from a Directory Traversal Attack.
The only other input is ConfigurationManager.AppSettings["LogFilePath"]
. This could be of the form X:\Example\..
, but it could also be X:\
, so I do not see this as a problem. Either way, you will be adding @"\ErrorLogs\Logs\"
to the path you are writing.
I would also recommend using Path.Combine, so you dont have to get lost in \
's
string varpath = Path.Combine(ConfigurationManager.AppSettings["LogFilePath"]
.ToString(), @"ErrorLogs\Logs");