Possible path traversal vulnerability detected
- Rule ID: java_lang_path_traversal
- Languages: java
- Source: path_traversal.yml
Allowing unsanitized user input in path resolution methods means an attacker could gain access to files and folders outside of the intended scope.
❌ Avoid wherever possible
✅ Sanitize user input when resolving paths, for example with FilenameUtils.getName() to mitigate against unwanted patterns in the path (such as
```java
import java.io.File;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.FilenameUtils;

public class Cls extends HttpServlet {
    public void handleRequest(HttpServletRequest request, HttpServletResponse response) {
        String image = request.getParameter("user_profile_picture");
        // getName() keeps only the final path segment, so directory components
        // supplied by the user ("../", absolute prefixes) never reach the File path
        File file = new File("user/profile/" + FilenameUtils.getName(image));
    }
}
```
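As an added example (not code from the Bearer rule page or from commons-io), the sanitized lookup above expanded into a runnable class that contrasts plain concatenation with the FilenameUtils.getName() form and adds a second, independent guard: the normalized result must still start with the base directory. It assumes commons-io on the classpath; the class name, method names and sample inputs are constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.io.FilenameUtils;

public class ProfilePictureResolver {
    // Fixed, trusted base directory; made absolute and normalized once so
    // the containment check below compares like with like.
    private static final Path BASE =
        Paths.get("user", "profile").toAbsolutePath().normalize();

    /** Unsafe form: the untrusted value is joined straight onto the base path. */
    static Path resolveUnsafe(String untrusted) {
        return BASE.resolve(untrusted).normalize();
    }

    /**
     * Hardened form: getName() drops every directory component (both '/' and
     * '\\' separators), then the normalized path is checked to still lie
     * under BASE as defence in depth.
     */
    static Path resolveSafe(String untrusted) {
        if (untrusted == null) {
            throw new IllegalArgumentException("missing file name");
        }
        String name = FilenameUtils.getName(untrusted);
        if (name.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        Path candidate = BASE.resolve(name).normalize();
        if (!candidate.startsWith(BASE)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign name, two traversal attempts.
        String[] inputs = { "avatar.png", "../../etc/passwd", "/etc/passwd" };
        for (String in : inputs) {
            Path unsafe = resolveUnsafe(in);
            System.out.printf("%-18s unsafe -> %s (inside base: %b)%n",
                in, unsafe, unsafe.startsWith(BASE));
            try {
                System.out.printf("%-18s safe   -> %s%n", in, resolveSafe(in));
            } catch (IllegalArgumentException e) {
                System.out.printf("%-18s safe   -> rejected: %s%n", in, e.getMessage());
            }
        }
    }
}
```

Running it shows the unsafe branch leaving the base directory for the traversal inputs while the safe branch maps them to a bare file name under user/profile.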
OWASP Top 10