Missing protection against path traversal

Description

Allowing unsanitized user input to reach path resolution methods means an attacker could gain access to files and folders outside of the intended directory (path traversal).

Remediations

❌ Wherever possible, avoid constructing filepaths with user input

✅ Use Paths helpers to normalize file paths. This removes unwanted patterns in the path, such as \..\.., that could lead to path traversal attacks.

    import java.io.File;
    import java.nio.file.Path;
    import java.nio.file.Paths;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.commons.io.FilenameUtils;

    public class Cls extends HttpServlet
    {
        public void handleRequest(HttpServletRequest request, HttpServletResponse response)
        {
            // user-controlled value: must not be concatenated into a path as-is
            String image = request.getParameter("user_profile_picture");

            // keep only the file name component, then normalize the resulting path
            Path imagePath = Paths.get("user/profile/" + FilenameUtils.getName(image)).normalize();
            File file = new File(imagePath.toString());
        }
    }
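The following is an added example, not code from this rule or from Bearer, that puts the unsafe concatenation beside the remediated form and adds the containment check a reviewer would want after normalization. It assumes Apache Commons IO (FilenameUtils) is on the classpath; the class name, the base directory user/profile and the sample inputs are constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.io.FilenameUtils;

public class ProfileImageResolver {
    // Directory that user-controlled names must never escape (constructed example value)
    private static final Path BASE = Paths.get("user/profile").toAbsolutePath().normalize();

    // Vulnerable form: the request parameter is concatenated straight into the path
    static Path resolveUnsafe(String image) {
        return Paths.get("user/profile/" + image);
    }

    // Hardened form, as in the rule's remediation: keep only the file name, normalize,
    // then additionally confirm the result still lives under BASE
    static Path resolveSafe(String image) {
        String name = FilenameUtils.getName(image); // strips any directory part, "/" or "\" separated
        if (name == null || name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("invalid file name");
        }
        Path resolved = BASE.resolve(name).normalize();
        // Defence in depth: normalize() on its own would happily return a path outside BASE
        if (!resolved.startsWith(BASE)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed inputs: one benign name, three traversal attempts, one bare ".."
        String[] samples = { "avatar.png", "../../etc/passwd", "..\\..\\win.ini",
                             "../../../user/profile/x.png", ".." };
        for (String s : samples) {
            System.out.println("input: " + s);
            // unsafe: normalize() collapses the ".." segments and lands outside user/profile
            System.out.println("  unsafe -> " + resolveUnsafe(s).normalize());
            try {
                System.out.println("  safe   -> " + resolveSafe(s));
            } catch (IllegalArgumentException e) {
                System.out.println("  safe   -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run it to see that "../../etc/passwd" normalizes to etc/passwd on the unsafe path but collapses to user/profile/passwd on the safe one, while a bare ".." is rejected outright.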

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_path_traversal

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_path_traversal