External Control of File Name or Path (CWE ID 73)

jayasharma8 · ‎02-12-2018

File fileDir = new File(fileDirectory);
File file = new File(fileDir, fileName);

in the last line i am getting "This call to java.io.File() contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input."

Help me to solve it.

Thanks

mpboom · ‎02-13-2018

Please provide a bit more information - no one will be able to help you with what you provided.

- Mark

jayasharma8 · ‎02-14-2018

This is the way we are getting input.

String fileName = _request.getParameter("fileName");

veracode scanner has reported this flaw.

Joshhua5 · ‎01-16-2019

Anything could be inside that parameter, even a malicious filepath that actually points to a config file containing passwords. You'll need to validate the string, make sure it contains things that you'd expect.

crocen98 · ‎08-02-2019

I am sorry, what kind of validation will veracode understand?
Can you give a code example?
Thank you in advance!

fire-eggs · ‎08-04-2019

Read this.

Please follow-up to let us know how you made out. For good karma, mark a reply as the answer if it helped!

External Control of File Name or Path (CWE ID 73)

Re: External Control of File Name or Path (CWE ID 73)

Re: External Control of File Name or Path (CWE ID 73)

Re: External Control of File Name or Path (CWE ID 73)

Re: External Control of File Name or Path (CWE ID 73)

Re: External Control of File Name or Path (CWE ID 73)

Thonny Python

Help needed FOSS game engine documentation review

Looking for help with PL documentation

Hey everyone im introducing myself

LTE signal information

Automated greenhouse with arduino and esp8266 plea...

School Management System

Seqonce - i seq

seqonce- iseq

Maths problem: time calculation

Re: Thonny Python

Re: LTE signal information

Re: Raspberry pi 4 command line help

Re: Raspberry pi 4 command line help

Raspberry pi 4 command line help

Other ways to get help

More places to learn

Community areas