Hi All,
We are seeing the below issue in Sonar for the below inline code. We tried different approaches but are not able to resolve the issue:
Sonar Issue:
java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File; reads a file whose location might be specified by user input | Vulnerability | Major | | findsecbugs:PATH_TRAVERSAL_IN | cwe,owasp-a4,wasc | https://www.adobe.com/go/aem_cmcq_path_traversal_in_en |
Code:
String fileName = pdfArray[pdfArray.length - 2];
File tempDir = Files.createTempDirectory(null).toFile();
File htmlFile = File.createTempFile(FilenameUtils.getName(fileName), PlatformConstants.HTML_SUFFIX, tempDir);
Thanks in advance
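
One way to restructure the snippet above so that nothing derived from `fileName` reaches the temp file's path, as an added example that is not part of the original post. The class and method names, the `pdf2html-` and `page-` prefixes, and the `.html` value standing in for `PlatformConstants.HTML_SUFFIX` are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example; class and method names are hypothetical.
public class SafeTempHtml {

    // Assumed stand-in for PlatformConstants.HTML_SUFFIX, whose value is not shown in the post.
    private static final String HTML_SUFFIX = ".html";

    /** Reduce an untrusted name to a label for logs or metadata; it is never used as a path. */
    static String displayLabel(String untrusted) {
        if (untrusted == null) {
            return "unnamed";
        }
        // Keep only the last path component, for both separator styles.
        int cut = Math.max(untrusted.lastIndexOf('/'), untrusted.lastIndexOf('\\'));
        String cleaned = untrusted.substring(cut + 1).replaceAll("[^A-Za-z0-9_-]", "_");
        if (cleaned.length() > 32) {
            cleaned = cleaned.substring(0, 32);
        }
        return cleaned.isEmpty() ? "unnamed" : cleaned;
    }

    /** Create the temp file with a constant prefix so no input takes part in the path. */
    static Path createHtmlTemp() throws IOException {
        Path tempDir = Files.createTempDirectory("pdf2html-").toAbsolutePath().normalize();
        Path htmlFile = Files.createTempFile(tempDir, "page-", HTML_SUFFIX)
                .toAbsolutePath().normalize();
        // Defence in depth: confirm the result is inside the directory just created.
        if (!htmlFile.startsWith(tempDir)) {
            Files.deleteIfExists(htmlFile);
            throw new IOException("temp file escaped " + tempDir);
        }
        return htmlFile;
    }

    public static void main(String[] args) throws IOException {
        String fileName = "../../etc/report.pdf"; // constructed sample input
        Path htmlFile = createHtmlTemp();
        // The original name travels alongside the file as data, not inside its path.
        System.out.println(displayLabel(fileName) + " -> " + htmlFile);
    }
}
```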