File fileDir = new File(fileDirectory);
File file = new File(fileDir, fileName);
In the last line I am getting "This call to java.io.File() contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input."
Help me to solve it.
Thanks
Please provide a bit more information - no one will be able to help you with what you provided.
This is the way we are getting input.
String fileName = _request.getParameter("fileName");
The Veracode scanner has reported this flaw.
Anything could be inside that parameter, even a malicious filepath that actually points to a config file containing passwords. You'll need to validate the string, make sure it contains things that you'd expect.
I am sorry, what kind of validation will Veracode understand?
Can you give a code example?
Thank you in advance!
Read this.
Please follow-up to let us know how you made out. For good karma, mark a reply as the answer if it helped!
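One way to do the validation suggested above, as an added example that is not part of the original thread: allowlist the request parameter, then canonicalize and confirm the result stays under the base directory. The class name SafeFileResolver and the allowlist pattern are hypothetical, and the base directory is assumed to come from server configuration rather than from the request. The example addresses the flaw itself and makes no claim about what any particular scanner recognizes.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.regex.Pattern;

// Hypothetical helper, not code from the thread.
public class SafeFileResolver {
    // Assumed policy: a bare file name, no separators, no leading dot, max 128 chars.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    public static File resolve(File baseDir, String fileName) throws IOException {
        // 1. Allowlist the untrusted name before it reaches the file system API.
        if (fileName == null || !SAFE_NAME.matcher(fileName).matches()) {
            throw new IllegalArgumentException("file name rejected by allowlist");
        }
        // 2. Canonicalize both paths (resolves "..", "." and symlinks) and
        //    confirm the result is still inside the base directory.
        File base = baseDir.getCanonicalFile();
        File candidate = new File(base, fileName).getCanonicalFile();
        if (!candidate.toPath().startsWith(base.toPath())) {
            throw new SecurityException("resolved path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a temp directory stands in for fileDirectory,
        // the strings stand in for _request.getParameter("fileName").
        File base = Files.createTempDirectory("uploads").toFile();
        String[] samples = {"report-2024.pdf", "../../etc/passwd", "..\\web.xml",
                            "/etc/passwd", "sub/notes.txt", ".htaccess", ""};
        for (String name : samples) {
            try {
                System.out.println("accepted: " + resolve(base, name).getName());
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println("rejected: \"" + name + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample passes; the canonical-path check is a second layer that still holds if the allowlist is later loosened or a symlink sits inside the base directory.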