include::../description.adoc[]

== Noncompliant Code Example

----
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {

  if (ServletFileUpload.isMultipartContent(request)) {

    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);  // Noncompliant
    // ...
----

== See

* https://cwe.mitre.org/data/definitions/434[CWE-434] - Unrestricted Upload of File with Dangerous Type
* https://cwe.mitre.org/data/definitions/400.html[CWE-400] - Uncontrolled Resource Consumption
* https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References[OWASP Top 10 2017 Category A4] - Insecure Direct Object References
* https://www.owasp.org/index.php/Unrestricted_File_Upload[OWASP Unrestricted File Upload] - Unrestricted File Upload
* https://wiki.sei.cmu.edu/confluence/display/java/IDS56-J.+Prevent+arbitrary+file+upload[CERT, IDS56-J.] - Prevent arbitrary file upload
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components

ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]