ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify S2083(java): Improve the compliant sample (#3472)

Browse Source
This commit is contained in:
Loris S 2023-11-30 19:07:23 +01:00 committed by GitHub
parent 7cb81aa05a
commit f0db71d524
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
rules/S2083/java/how-to-fix-it/java-se.adoc
View File

@ -31,15 +31,15 @@ public class ExampleController
@Controller @Controller
public class ExampleController public class ExampleController
{ {
static private String targetDirectory = "/path/to/target/directory/"; private static String targetDirectory = "/path/to/target/directory/";
private static Path targetPath = new File(targetDirectory).toPath().normalize();
@GetMapping(value = "/delete") @GetMapping(value = "/delete")
public void delete(@RequestParam("filename") String filename) throws IOException { public void delete(@RequestParam("filename") String filename) throws IOException {
File file = new File(targetDirectory + filename); File file = new File(targetPath + filename);
String canonicalDestinationPath = file.getCanonicalPath();
if (!canonicalDestinationPath.startsWith(targetDirectory)) { if (!file.toPath().normalize().startsWith(targetPath)) {
throw new IOException("Entry is outside of the target directory"); throw new IOException("Entry is outside of the target directory");
} }