Avoid user-input file

Ce produit n'est pas pris en charge par le site Datadog que vous avez sélectionné. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: java-security/spring-request-file-tainted

Language: Java

Severity: Notice

Category: Security

CWE: 23

Description

An attacker could try to pass a filename of content that could traverse the server path and control system files. Make sure all user-inputs is checked and sanitized before use.

Learn More

Non-Compliant Code Examples

class Test {
  @PostMapping(value = "/fileupload")
  public ModelAndView importFile(@RequestParam("file") MultipartFile myFile) throws IOException {
    var user = (WebGoatUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    var destinationDir = new File(fileLocation, user.getUsername());
    destinationDir.mkdirs();
    myFile.transferTo(new File(destinationDir, myFile.getOriginalFilename()));
    log.debug("File saved to {}", new File(destinationDir, myFile.getOriginalFilename()));

    return new ModelAndView(
        new RedirectView("files", true),
        new ModelMap().addAttribute("uploadSuccess", "File uploaded successful"));
  }
}

Compliant Code Examples

class Test {
  @PostMapping(value = "/fileupload")
  public ModelAndView importFile(@RequestParam("file") MultipartFile myFile) throws IOException {
    // Safe: using sanitized filename
    String sanitizedFilename = "upload_" + System.currentTimeMillis() + ".dat";
    File destinationDir = new File(fileLocation);
    myFile.transferTo(new File(destinationDir, sanitizedFilename));
    return new ModelAndView(new RedirectView("files", true));
  }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains