While uploading a multipart file I am getting a CodeQL issue.
```java
@PostMapping("/uploadTraining/{organizationID}/{userID}")
UploadTrainingResult uploadTraining(@RequestParam("file") MultipartFile fname,
        @PathVariable("organizationID") String organizationID,
        @PathVariable("userID") String userID) throws UploadTrainingException, IOException {
    logger.debug("Fetching upload training details : {}");
    Optional<String> orgId = Optional.ofNullable(organizationID);
    Optional<String> userId = Optional.ofNullable(userID);
    Optional<MultipartFile> data = Optional.ofNullable(fname);
    return maintenanceService.uploadTraining(Integer.valueOf(orgId.get()),
            Integer.valueOf(userId.get()), data.get());
}
```
Repo Code:
```java
private UploadTrainingResult upload(Integer organizationID, Integer userID, MultipartFile data) throws UploadTrainingException, IOException {
    UploadTrainingResult result = new UploadTrainingResult();
    result.setErrors(new ArrayList<>());
    result.setStatus(0);
    FileSystem fs = FileSystems.getDefault();
    if (data != null && !data.isEmpty()) {
        var name = data.getOriginalFilename().replace(" ", "_");
        var path = Paths.get(TrainingsDir, name);
        if (!path.normalize().startsWith(TrainingsDir)) {
            throw new IOException("Could not upload file: " + name);
        }
        try {
            File file = new File(path.toString());
            if (!file.exists()) {
                data.transferTo(file);
                result.setStatus(1);
            }
        } catch (IOException e) {
            throw new IOException("IO exception while Uploading file");
        }
    } else {
        throw new UploadTrainingException("Error in uploading file:");
    }
    result.setUploadPath(TrainingsDir);
    return result;
}
```
I am uploading video, PDF or other files to a folder location on the server. Everything is working fine, but while raising a pull request in Git, CodeQL scanning is failing. Can anyone please help me fix this issue?
Regards, Prabhash
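
An added example, not part of the original post: a containment check for the upload path in which the same normalized `Path` is both validated and written to, instead of checking `path.normalize()` and then writing to the un-normalized `path`. The post does not say which CodeQL query failed, so this assumes the finding concerns the client-supplied file name reaching the file path; `SafeUploadPath`, `resolveInside`, `store`, the sample directory and the sample names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeUploadPath {
    // Hypothetical helper: maps a client-supplied file name to a path inside baseDir.
    static Path resolveInside(Path baseDir, String originalFilename) throws IOException {
        if (originalFilename == null || originalFilename.isBlank()) {
            throw new IOException("Missing file name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path leaf;
        try {
            // Treat both separator styles as separators, then keep only the last component.
            String cleaned = originalFilename.replace('\\', '/').replace(' ', '_');
            leaf = Paths.get(cleaned).getFileName();
        } catch (InvalidPathException e) {
            throw new IOException("Invalid file name");
        }
        if (leaf == null) {
            throw new IOException("Invalid file name");
        }
        Path target = base.resolve(leaf.toString()).normalize();
        // Path.startsWith compares whole path components, not string prefixes.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("File name escapes upload directory");
        }
        return target;
    }

    // Writes to the validated path; Files.copy fails if the target already exists.
    static void store(InputStream in, Path validatedTarget) throws IOException {
        Files.copy(in, validatedTarget);
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/trainings"); // constructed sample directory
        String[] samples = {"intro video.mp4", "../../outside.txt", "..\\..\\outside.txt", "..", "a/b/c.pdf"};
        for (String name : samples) { // constructed sample file names
            try {
                System.out.println(name + " -> " + resolveInside(base, name));
            } catch (IOException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

In the controller path, the returned `Path` would be the only value passed on to the write, for example `store(data.getInputStream(), target)`.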