# Path Traversal due to Unsafe File Access

## Description

Detected potential path traversal: a file path is built from user-controlled input. An attacker may supply "../" sequences to reach sensitive files outside the intended directory.

## Examples

### Insecure Code

```java
File file = new File("/static/", request.getParameter("file"));
```

### Secure Code

```java
File file = new File("/static/", FilenameUtils.getName(request.getParameter("file")));
```

## Remediation

Use `FilenameUtils.getName(...)` (Apache Commons IO) to strip any directory components from the user-supplied value before it is combined with the base directory.
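A fuller version of the secure pattern, as an added example (not the rule's or any project's own code): it assumes Apache Commons IO is on the classpath and uses a hypothetical `resolveStatic` helper with constructed sample inputs in place of `request.getParameter("file")`. Besides `FilenameUtils.getName`, it adds a containment check on the normalised path as defence in depth.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.io.FilenameUtils;

public class SafeStaticFile {
    // Base directory the rule's snippet serves files from.
    private static final Path BASE = Paths.get("/static").toAbsolutePath().normalize();

    // Hypothetical helper: drop any directory component the client supplied,
    // then verify the resolved path is still under BASE before touching the file system.
    public static Path resolveStatic(String userInput) {
        if (userInput == null || userInput.isEmpty()) {
            throw new IllegalArgumentException("file parameter missing");
        }
        // FilenameUtils.getName keeps only the text after the last '/' or '\',
        // so "../../etc/passwd" becomes "passwd" and "..\\..\\win.ini" becomes "win.ini".
        String name = FilenameUtils.getName(userInput);
        // getName(".") and getName("..") return the input unchanged, so reject them explicitly.
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("invalid file name: " + userInput);
        }
        Path resolved = BASE.resolve(name).normalize();
        // Defence in depth: even after getName, confirm the normalised path is inside BASE,
        // so a later change to the sanitiser cannot silently reintroduce traversal.
        if (!resolved.startsWith(BASE)) {
            throw new SecurityException("path escapes base directory: " + resolved);
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for request.getParameter("file").
        String[] samples = { "logo.png", "../../etc/passwd", "..\\..\\win.ini", "css/site.css", ".." };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveStatic(s));
            } catch (RuntimeException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

With these inputs the traversal attempts resolve to `/static/passwd` and `/static/win.ini`, the bare `..` is rejected, and only the last path element of `css/site.css` survives, so files under subdirectories must be addressed differently if that is a requirement.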
## Rule Details

| Field | Value |
|---|---|
| ID | CODE-0212 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-22 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, file access |
| OWASP | A01:2021-Broken Access Control |