Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 2
Message 1 of 3

External Control of File Name or Path (CWE ID 73)

File fileDir = new File(fileDirectory);
File file = new File(fileDir, fileName);

 

in the last line i am getting "This call to java.io.File() contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input."

 

Help me to solve it.

Thanks

2 Replies
Commander Lvl 1
Message 2 of 3

Re: External Control of File Name or Path (CWE ID 73)

Please provide a bit more information - no one will be able to help you with what you provided.


- Mark
Copilot Lvl 2
Message 3 of 3

Re: External Control of File Name or Path (CWE ID 73)

This is the way we are getting input.

 

 String fileName = _request.getParameter("fileName");

 

veracode scanner has reported this flaw.