File fileDir = new File(fileDirectory);
File file = new File(fileDir, fileName);
in the last line i am getting "This call to java.io.File() contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input."
Help me to solve it.
This is the way we are getting input.
String fileName = _request.getParameter("fileName");
veracode scanner has reported this flaw.
Anything could be inside that parameter, even a malicious filepath that actually points to a config file containing passwords. You'll need to validate the string, make sure it contains things that you'd expect.