3

Can somebody please help me find a Java coding solution for the Veracode scanning error below?

I am creating a file and passing file location as argument.

```java
File file1=new File(filePath);
```
**CWE-73: External Control of File Name or Path**
swiftBoy
Raj Singh

1 Answer

0

You can use the:

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Validator;

Validator validator = ESAPI.validator();
validator.getValidDirectoryPath(..) // to validate the directory path
validator.getValidFileName(...) // to validate the file name
```

and then use them to create your file

Botond Botos
Chiraz
  • Thank you. Now I have to validate JavaScript code to pass through the Coverity scan. My JavaScript code is reading data from the HTTP request. There are many instances of such code that I need to validate using ESAPI. One example is `request.getParameter("transactionType");` another is `var transactionType='<%=tranType%>'` – Raj Singh May 02 '18 at 08:39
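
The two checks the answer points to for CWE-73 (an allowlist on the file name and confinement to a trusted directory), written here with the JDK only rather than ESAPI. This is an added example, not code from the question or the answer; the class name `SafeFileResolver`, the name pattern and the use of the temp directory as the base are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class SafeFileResolver {
    // Assumed policy: letters, digits, '_' and '-', then one short extension.
    // No separators, dots-only names, NUL bytes or empty names can match.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-]{1,64}\\.[A-Za-z0-9]{1,8}");

    private final Path baseDir;

    public SafeFileResolver(String trustedBaseDir) throws IOException {
        // The base directory comes from configuration, never from the request.
        // toRealPath() resolves symlinks and requires the directory to exist.
        this.baseDir = Paths.get(trustedBaseDir).toRealPath();
    }

    /** Returns a File inside baseDir, or throws if the name is not acceptable. */
    public File resolve(String untrustedName) {
        if (untrustedName == null || !SAFE_NAME.matcher(untrustedName).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path candidate = baseDir.resolve(untrustedName).normalize();
        // Defence in depth: the normalized path must still be under baseDir.
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return candidate.toFile();
    }

    public static void main(String[] args) throws IOException {
        SafeFileResolver resolver =
                new SafeFileResolver(System.getProperty("java.io.tmpdir"));
        // Constructed sample inputs: one acceptable name, four that must be denied.
        String[] samples = {"report.txt", "../secret.txt", "a/b.txt", "report.txt\0.jpg", ""};
        for (String s : samples) {
            String shown = s.replace("\0", "\\0");
            try {
                System.out.println("OK    " + resolver.resolve(s));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY  " + e.getMessage() + ": \"" + shown + "\"");
            }
        }
    }
}
```

The check is lexical: if files under the base directory may themselves be symlinks, compare `toRealPath()` of the existing file against the base before opening it.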