Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in UnrestrictedSizeUploadServlet.java:127 #80

Open
2 tasks
joshn-whitesource-app bot opened this issue Feb 7, 2024 · 0 comments
Open
2 tasks

Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in UnrestrictedSizeUploadServlet.java:127 #80

joshn-whitesource-app bot opened this issue Feb 7, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Comments

@joshn-whitesource-app
Copy link
Contributor

joshn-whitesource-app bot commented Feb 7, 2024
edited
Loading

Code Security Finding

This finding was first detected on 2023-12-06 01:34pm GMT and is still present in the last scan performed on 2024-02-15 10:26pm GMT:

SeverityVulnerability TypeCWEFileData Flows
HighPath/Directory Traversal

CWE-22

UnrestrictedSizeUploadServlet.java:127

1
Vulnerable Code

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Lines 122 to 127 in b9f2abf

pixelBuffer[2] = ~pixelBuffer[2];
raster.setPixel(x, y, pixelBuffer);
}
}
// Output the image
ImageIO.write(image, "png", new File(fileName));

1 Data Flow/s detected

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 70 in b9f2abf

final Part filePart = req.getPart("file");

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 71 in b9f2abf

String fileName = MultiPartFileUtils.getFileName(filePart);

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 56 in b9f2abf

public static String getFileName(final Part part) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 57 in b9f2abf

for (String content : part.getHeader("content-disposition").split(";")) {

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java

Line 59 in b9f2abf

return content.substring(content.indexOf('=') + 1).trim().replace("\"", "");

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 71 in b9f2abf

String fileName = MultiPartFileUtils.getFileName(filePart);

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 84 in b9f2abf

isConverted = reverseColor(new File(savePath + File.separator + fileName).getAbsolutePath());

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 111 in b9f2abf

private boolean reverseColor(String fileName) throws IOException {

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 127 in b9f2abf

ImageIO.write(image, "png", new File(fileName));

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 127 in b9f2abf

ImageIO.write(image, "png", new File(fileName));

easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java

Line 127 in b9f2abf

ImageIO.write(image, "png", new File(fileName));

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

🏴 Suppress Finding
  • ... as False Alarm
  • ... as Acceptable Risk
@joshn-whitesource-app joshn-whitesource-app bot added the Mend: code security findings Code security findings detected by Mend label Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Mend: code security findings Code security findings detected by Mend
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants