The filename of the file being opened comes from an input parameter. If that parameter is passed to the file API unfiltered, a caller can supply `..` segments and read any location on the filesystem the process can access.
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

class MyClass {
    @GET
    @Path("/images/{image}")
    @Produces("images/*")
    public Response getImage(@javax.ws.rs.PathParam("image") String image) throws FileNotFoundException {
        // The request parameter is used as-is as the file name
        File file = new File("resources/images/", image); // Weak point
        if (!file.exists()) {
            return Response.status(Status.NOT_FOUND).build();
        }
        return Response.ok().entity(new FileInputStream(file)).build();
    }
}
```
Compliant Code Examples
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.apache.commons.io.FilenameUtils;

class MyClass {
    @GET
    @Path("/images/{image}")
    @Produces("images/*")
    public Response getImage(@javax.ws.rs.PathParam("image") String image) throws FileNotFoundException {
        // Only the last path segment of the parameter is kept, so "../" prefixes are discarded
        File file = new File("resources/images/", FilenameUtils.getName(image)); // Fix
        if (!file.exists()) {
            return Response.status(Status.NOT_FOUND).build();
        }
        return Response.ok().entity(new FileInputStream(file)).build();
    }
}
```

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

class MyClass {
    @GET
    @Path("/images/{image}")
    @Produces("images/*")
    public Response getImage(@javax.ws.rs.PathParam("image") String image) throws FileNotFoundException {
        // image2 is not declared on the original page; the file name here does not come from the request parameter
        File file = new File("resources/images/", image2); // Weak point
        if (!file.exists()) {
            return Response.status(Status.NOT_FOUND).build();
        }
        return Response.ok().entity(new FileInputStream(file)).build();
    }
}
```
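To show what the fix above does with concrete inputs, here is an added example (not Datadog's rule code and not from the page) that applies `FilenameUtils.getName` and then adds a canonical-path containment check as defense in depth; the base directory and the sample inputs are assumptions constructed for the example.

```java
import java.io.File;
import java.io.IOException;
import org.apache.commons.io.FilenameUtils;

public class SafeImagePath {
    // Assumed base directory, matching the one used in the examples above
    private static final File BASE = new File("resources/images/");

    /** Returns the file to serve, or null when the request must be refused. */
    static File resolve(String requested) throws IOException {
        // Step 1 (the page's fix): keep only the last path segment, dropping any "../" prefix
        String name = FilenameUtils.getName(requested);
        // getName returns "." and ".." unchanged, so reject those explicitly
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            return null;
        }
        // Step 2 (defense in depth): the canonical path must still lie inside BASE
        File candidate = new File(BASE, name);
        String basePath = BASE.getCanonicalPath() + File.separator;
        if (!candidate.getCanonicalPath().startsWith(basePath)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, not taken from any real request
        String[] inputs = { "logo.png", "../../etc/passwd", "..", "sub/dir/photo.jpg" };
        for (String in : inputs) {
            File f = resolve(in);
            System.out.println(in + " -> " + (f == null ? "rejected" : f.getPath()));
        }
    }
}
```

With these inputs, `../../etc/passwd` is reduced to `resources/images/passwd` and `..` is rejected outright, so no request can resolve outside the images directory.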
How to use this rule
```yaml
rulesets:
  - java-security # Rules to enforce Java security.
```
Create a `static-analysis.datadog.yml` file with the content above at the root of your repository.
Use the free IDE plugins or add Code Analysis scans to your CI pipelines.