
I use the following code:

    String workingDir = System.getProperty("user.dir") + File.separator;
    new File(workingDir + "tempDir").mkdirs();

After running Fortify's vulnerability scan, I obtained the following result: Input Validation and Representation.

How can I avoid this problem?

Even
  • It's possible for `System.getProperty` to return `null`; you're also ignoring the return result from `mkdirs`. At a guess – MadProgrammer Oct 16 '15 at 04:08
  • I don't think this issue will cause "Input Validation and Representation". It looks like the attacker can change a threat of arguments. Thanks for your comments. – Even Oct 16 '15 at 05:42
  • Probably not, but there is a case there for some more vigilance ;) – MadProgrammer Oct 16 '15 at 05:43
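
An added example, not part of the original question or comments: one way to handle the two points raised above (a possible `null` from `System.getProperty` and the ignored `mkdirs` result) while also validating the path before creating it. The class name `TempDirExample` and the helper `createWorkDir` are hypothetical, and the allow-list pattern for the directory name is an assumption.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class TempDirExample {

    // Hypothetical helper: creates a single child directory under the JVM
    // working directory after validating the externally controlled base path.
    static Path createWorkDir(String childName) throws IOException {
        String userDir = System.getProperty("user.dir");
        if (userDir == null || userDir.isEmpty()) {
            throw new IOException("user.dir is not set");
        }
        // Allow-list the child name (assumed policy): one path segment,
        // no separators and no "..".
        if (!childName.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IOException("Rejected directory name: " + childName);
        }
        // Resolve symlinks and "." / ".." in the base so the containment
        // check below compares canonical paths.
        Path base = Paths.get(userDir).toRealPath();
        Path target = base.resolve(childName).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("Target escapes base directory: " + target);
        }
        // Unlike File.mkdirs(), which returns false on failure,
        // createDirectories throws, so a failure cannot be silently ignored.
        return Files.createDirectories(target);
    }

    public static void main(String[] args) throws IOException {
        System.out.println("Created: " + createWorkDir("tempDir"));
    }
}
```

The page does not establish whether this form clears the Fortify finding; it shows the null check, the path validation and the error handling that the comments point to.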

0 Answers