Hi All,
We are seeing the issue below in Sonar for the inline code below. We tried different approaches but are not able to resolve the issue:
Sonar Issue:
java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File; reads a file whose location might be specified by user input | Vulnerability | Major | findsecbugs:PATH_TRAVERSAL_IN | cwe,owasp-a4,wasc |
Code:
String fileName = pdfArray[pdfArray.length - 2];
File tempDir = Files.createTempDirectory(null).toFile();
File htmlFile = File.createTempFile(FilenameUtils.getName(fileName),PlatformConstants.HTML_SUFFIX, tempDir);
Thanks in advance
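Did you try creating a separate method for createFile?
static File createTempDir(File parentDir) throws IOException {
    // Files.createTempDirectory returns a Path, so convert it to the declared File return type
    return Files.createTempDirectory(<param1>, <param2>, <param3>).toFile();
}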
We tried applying the above-mentioned suggestions, but it is still showing the vulnerability in Sonar.
Error: reads a file whose location might be specified by user input Vulnerability
Hello, were you able to solve the problem? I find myself with the same problem; the adaptations have already been added according to the documentation, and it keeps showing me the error.
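Added example, not code from any poster in this thread: one way to restructure the snippet from the question so that the value taken from pdfArray never reaches a file-system call, which removes the data flow the rule describes (user input into the file location) from this code. The class and method names, the two prefixes and the ".html" value standing in for PlatformConstants.HTML_SUFFIX are assumptions; Files.createTempFile replaces File.createTempFile here.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;

public class SafeTempHtml {
    // Assumption: stands in for PlatformConstants.HTML_SUFFIX, whose value the thread does not show.
    private static final String HTML_SUFFIX = ".html";
    // Constant prefix: nothing derived from the caller reaches the file-system call.
    private static final String PREFIX = "converted-";

    /** Reduces an untrusted name to a label for logs or UI only; it is never used as a path. */
    static String displayLabel(String untrustedName) {
        String base = untrustedName.substring(
                Math.max(untrustedName.lastIndexOf('/'), untrustedName.lastIndexOf('\\')) + 1);
        String cleaned = base.replaceAll("[^A-Za-z0-9._-]", "_");
        return cleaned.isEmpty() ? "unnamed" : cleaned;
    }

    /** Creates the temp file from constants only, then checks it really sits in the new directory. */
    static Path createHtmlTemp() throws IOException {
        Path tempDir = Files.createTempDirectory("pdf2html-");
        Path htmlFile = Files.createTempFile(tempDir, PREFIX, HTML_SUFFIX);
        // Defence in depth: resolve symlinks and confirm containment.
        if (!htmlFile.toRealPath().startsWith(tempDir.toRealPath())) {
            Files.deleteIfExists(htmlFile);
            throw new IOException("temp file escaped its directory");
        }
        return htmlFile;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, not taken from the thread.
        for (String name : List.of("report.pdf", "../../etc/passwd", "..\\..\\boot.ini", "")) {
            Path created = createHtmlTemp();
            System.out.printf("%-20s -> label=%s file=%s%n", name, displayLabel(name), created);
            Files.delete(created);
            Files.delete(created.getParent());
        }
    }
}
```

If the original file name has to be kept, store the sanitised label next to the generated path (for example in a map or database row) rather than building the path from it.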