Adobe Cloud manager - Sonar issue - reads a file whose location might be specified by user input

toimrank
Level 2

04-05-2021

Hi All,

We are seeing the below issue in Sonar for the below inline code; we tried different approaches but were not able to resolve the issue:

Sonar Issue:

java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File; reads a file whose location might be specified by user input

Vulnerability

Major

 

findsecbugs:PATH_TRAVERSAL_IN

cwe,owasp-a4,wasc

https://www.adobe.com/go/aem_cmcq_path_traversal_in_en

 

 

Code:

String fileName = pdfArray[pdfArray.length - 2];

File tempDir = Files.createTempDirectory(null).toFile();

File htmlFile = File.createTempFile(FilenameUtils.getName(fileName),PlatformConstants.HTML_SUFFIX, tempDir);

 

Thanks in advance

Accepted Solutions (0)

Answers (1)

SureshDhulipudi
MVP

04-05-2021

Did you try creating a separate method for createFile?

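static File createTempDir(File parentDir) throws IOException {
    // Files.createTempDirectory returns a Path; convert it to match the declared File return type.
    return Files.createTempDirectory(<param1>, <param2>, <param3>).toFile();
}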
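
A hardened variant of the snippet from the question, as an added example that is not code from this thread or from Adobe: the user-derived name is reduced to an allow-listed prefix before it reaches the temp-file call, and the created file is checked to be a direct child of the new temp directory. The class and method names, the "pdf2html" directory prefix, the 64-character limit and the ".html" suffix (standing in for PlatformConstants.HTML_SUFFIX, whose value the thread does not show) are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeTempFile {
    // Assumed stand-in for PlatformConstants.HTML_SUFFIX (value not shown in the thread).
    private static final String HTML_SUFFIX = ".html";

    /** Reduce an untrusted name to a prefix made only of letters, digits, '_' and '-'. */
    static String safePrefix(String untrusted) {
        String name = untrusted == null ? "" : untrusted;
        // Keep only the last path segment, whichever separator the caller used.
        name = name.substring(Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\')) + 1);
        // Replace everything outside the allow-list, including '.', so ".." cannot survive.
        name = name.replaceAll("[^A-Za-z0-9_-]", "_");
        if (name.length() > 64) name = name.substring(0, 64);
        // Pad short results so the prefix also meets File.createTempFile's 3-character minimum.
        return name.length() < 3 ? "tmp" + name : name;
    }

    /** Create the HTML temp file inside a fresh private directory and verify its location. */
    static Path createHtmlTempFile(String untrustedName) throws IOException {
        Path tempDir = Files.createTempDirectory("pdf2html");
        Path file = Files.createTempFile(tempDir, safePrefix(untrustedName), HTML_SUFFIX);
        // Defence in depth: the created file must be a direct child of tempDir.
        if (!file.toRealPath().getParent().equals(tempDir.toRealPath())) {
            Files.deleteIfExists(file);
            throw new IOException("temp file escaped its directory");
        }
        return file;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, including traversal attempts and empty values.
        String[] samples = {"report.pdf", "../../etc/passwd", "..\\..\\boot.ini", "", null};
        for (String s : samples) {
            Path p = createHtmlTempFile(s);
            System.out.println(s + " -> " + p.getFileName());
            Files.delete(p);
            Files.delete(p.getParent());
        }
    }
}
```

A taint-based rule such as findsecbugs:PATH_TRAVERSAL_IN may not recognise a custom sanitizer, so the finding can still need a reviewed suppression even when the path is constrained this way.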