Stack Overflow
Stack Overflow

Questions tagged [path-manipulation]

31 questions
2
votes
2 answers

PHP - Path Manipulation / Input Validation

I ran a Gray Box Assessment test for an application i developed and i have some vulnerabilities, specific a Path Manipulation in the Input Validation Category. I have in my code: if (move_uploaded_file($_FILES["file"]["tmp_name"],"contacts_load/" .…
JuanSedano
  • 1,025
  • 8
  • 14
1
vote
0 answers

fortify: path manipulation in c#

I have the following code snippet: string fileUrl = "Folder1"+jaar+".docx"; getFile(fileUrl); The jaar parameter which is an int is the current year and actually comes from the application and it is not an input from the user, however Fortify…
user20377051
  • 25
  • 5
1
vote
0 answers

How to prevent "Path manipulation" issues in C#, .net core For below statment getting error

Fority Scan reported "Path Manipulation" security issues in following methods File.Exist() File.Create() File.Delete() File.OpenRead() File.OpenWrite() should i ignore the scan report or what would be the correct fix for this?
Özlem Kozan
  • 49
  • 3
1
vote
3 answers

Manipulating paths in python

I am writing a python script 2.5 in Windows whose CurrentDir = C:\users\spring\projects\sw\demo\753\ver1.1\011\rev120\source my file is test.py. From this path I would like to access files in this path:…
spring
  • 13
  • 1
  • 4
1
vote
0 answers

Path manipulation issue in spring boot

I am using this code to read all the files in Java folder with which are ending with ".properties". @Value("classpath*:com/tech/java/*.properties") private Resource[] files; for (Resource resource : files) { File file =…
sandeep
  • 11
  • 1
1
vote
1 answer

How to avoid path traversal security vulnerability

I have a python web application that accepts a http URL to a PDF file from the URL. As part of what the application does, it needs to convert the PDF into a TIFF image using ghost script. And for this, the PDF needs to be saved locally. So to do…
Anthony
  • 33,838
  • 42
  • 169
  • 278
1
vote
0 answers

Python Scripts + Use of folders and paths

This time I need help with python and paths manipulations. In first place i will will show you the structure im using on this set of apps: MainFolder: Folder1. Subfolder1. Subfolder2. Folder2. The folder I have the scripts in, is Folder 2.…
dmb
  • 13
  • 4
1
vote
1 answer

Python os.path.join absolute path on Linux

I have a file path like this: file_name = full_path + env + '/filename.txt' in which: full_path is '/home/louis/key-files/ env is 'prod' => file name is '/home/louis/key-files/prod/filename.txt' I want to use os.path.join file_name =…
Ragnarsson
  • 1,715
  • 7
  • 41
  • 74
1
vote
0 answers

How to prevent Path manipulation issues in C#

How to prevent Path manipulation issues in C# For below statment getting error. EX: File.Exist() File.Create() File.Delete() File.OpenRead() File.OpenWrite() .
Kartheek Subramanyam
  • 11
  • 2
0
votes
0 answers

.NET Fortify Path Manipulation

Does anyone know how to resolve path manipulation issue reported by Forify scan. I am already checking it path is exists but still Fortify reporting it as a vulnerability. Example: string path = "set by user"; if(Path.Exists(path)) { //Do file…
Harshal C
  • 7
  • 5
0
votes
0 answers

Path Manipulation Fortify Security Remediation

When we scanned the code in the fortify security remediation scan tool. we got the below message for the Path Manipulation attack "Attackers are able to control the file system path argument to FileInfo(), which allows them to access or modify…
SJK
  • 1
  • 4
0
votes
1 answer

Fortify shows critical vulnerability File.Delete() operation C#

The following code always shows path manipulation problem. How to resolve it ? using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.IO; using System.Text.RegularExpressions; namespace…
jeet_xp
  • 11
  • 1
  • 5
0
votes
0 answers

Path manipulation issue report by fortify scan

I have been fixing fortify issues in our application. below piece of code always reported as path manipulation issue. I don't understand why. There is no user input in this method. Could someone please help me on this I am not able to figure out how…
user1520277
  • 59
  • 2
  • 11
0
votes
1 answer

Powershell: Edit the drive letter of all my shortcuts that begin with X:\

I have a situation where all the paths in the shortcut files that are located in the %AppData%\Microsoft\Windows\Start Menu\Programs folder and subfolders all point to an incorrect drive letter. This includes the Target: value, Start In: value and…
Jim Dandy
  • 3
  • 2
0
votes
1 answer

Input parameter sanitization in android for avoiding vulnerabilities

Recently while source code audit of my android application auditors have raised few points like path manipulation, privacy violation attacks? I have been searching for proper solutions since last few days but couldn't find any fruitful solution.…
jil123
  • 99
  • 1
  • 12
1
2
3