I am getting an "uncontrolled data used in path expression" error in CodeQL for the following code block:

```java
public static File getObjAsFile(LibraryObject object, LibraryObjectType objectType, boolean encrypt, File tempFile) { // Step 1
    ...
    try {
        if (encrypt) {
            ...
        } else {
            try (FileOutputStream outputStream = new FileOutputStream(tempFile)) {  // Step 2
                byte[] outputBytes = serializedJson.getBytes(StandardCharsets.UTF_8);
                outputStream.write(outputBytes);
            }
        }
        return tempFile;
    } catch (Exception e) {
        LOG.e("Unable to create the library object export file {}", e);
    }
}
```

I am getting "This path depends on user provided value" at steps 1 and 2. Not sure how to fix this issue.

keroth
  • It would probably be more interesting here who is calling `getObjAsFile`, respectively the call path CodeQL reported from the user input (or at least what it considered user input) to the `getObjAsFile` method. – Marcono1234 Mar 31 '23 at 18:12

0 Answers
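A common mitigation for this class of finding is to accept only a file name from the caller, resolve it against a fixed base directory, and reject anything that normalizes to a location outside that directory. The following is an added example, not code from the original post; the class `SafeExportPath`, the `exportRoot` directory and the method names are assumptions, and it assumes the caller can pass a name instead of a ready-made `File`.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeExportPath {
    // Hypothetical fixed export directory chosen by the application, never by the user.
    private final Path exportRoot;

    SafeExportPath(Path exportRoot) throws IOException {
        Files.createDirectories(exportRoot);
        this.exportRoot = exportRoot.toRealPath(); // canonical form, symlinks resolved
    }

    /** Resolves a caller-supplied name under exportRoot and rejects anything that escapes it. */
    Path resolveInsideRoot(String requestedName) {
        // normalize() is lexical: it collapses "." and ".." but does not follow symlinks.
        Path candidate = exportRoot.resolve(requestedName).normalize();
        // Path.startsWith compares whole path elements, not string prefixes.
        if (!candidate.startsWith(exportRoot) || candidate.equals(exportRoot)) {
            throw new IllegalArgumentException("Path escapes export directory: " + requestedName);
        }
        return candidate;
    }

    Path writeExport(String requestedName, String serializedJson) throws IOException {
        Path target = resolveInsideRoot(requestedName);
        try (OutputStream out = Files.newOutputStream(target)) {
            out.write(serializedJson.getBytes(StandardCharsets.UTF_8));
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        SafeExportPath exporter = new SafeExportPath(Files.createTempDirectory("export-demo"));
        // Constructed sample inputs: one legitimate name, three that leave the export directory.
        System.out.println("wrote " + exporter.writeExport("library-object.json", "{\"id\":1}"));
        for (String bad : new String[] {"../outside.json", "/etc/demo.json", "a/../../b.json"}) {
            try {
                exporter.writeExport(bad, "{}");
                System.out.println("UNEXPECTED: accepted " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad);
            }
        }
    }
}
```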