Expand my Community achievements bar.

Adobe Cloud manager - Sonar issue - reads a file whose location might be specified by user input

Avatar

Level 3
Level 3
‎04-05-2021 11:43 PDT

Hi All,

 

We are seeing below issue in Sonar for below inline code, tried different approached but not able to resolve the issue:

 

Sonar Issue:

java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File; reads a file whose location might be specified by user input

Vulnerability

Major

 

findsecbugs:PATH_TRAVERSAL_IN

cwe,owasp-a4,wasc

https://www.adobe.com/go/aem_cmcq_path_traversal_in_en

 

 

Code:

String fileName = pdfArray[pdfArray.length - 2];

File tempDir = Files.createTempDirectory(null).toFile();

File htmlFile = File.createTempFile(FilenameUtils.getName(fileName),PlatformConstants.HTML_SUFFIX, tempDir);

 

Thanks in advance

Views

1.7K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Community Advisor
Community Advisor
‎04-05-2021 18:24 PDT

Did you try creating a separate method for createFile

 

static File createTempDir(File parentDir) throws IOException {
return Files.createTempDirectory(<param1>, <param2>,<param3>);
}

Views

1.6K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
‎22-03-2022 08:40 PDT
In response to SureshDhulipudi

We tried applying the above mentioned suggestions but still its showing the vulnerability in Sonar.

Error:::reads a file whose location might be specified by user input Vulnerability

Views

1.4K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
‎28-08-2023 12:03 PDT
In response to Abinash

Hello, were you able to solve the problem? I find myself with the same problem, the adaptations have already been added according to the documentation and it keeps showing me the error.

Views

85

Replies

0
Sign in to like this content

Total Likes

Translate
Translate