Unsanitized user input in file path

Description

Allowing unsanitized user input to reach path resolution methods means an attacker can influence or control the file name or path the application opens. This can lead to unauthorized file access, disclosure of data outside the intended directory, or other security issues.

Remediations

❌ Avoid wherever possible

✅ Use a safelist to specify which paths or directories can be accessed, and reject attempts to access directories that are not on the safelist

✅ Sanitize user input when resolving paths. For example, use FilenameUtils.getName() to extract just the filename from raw input:

  import java.io.File;

  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;

  import org.apache.commons.io.FilenameUtils;

  public class Cls extends HttpServlet
  {
      public void handleRequest(HttpServletRequest request, HttpServletResponse response)
      {
          String image = request.getParameter("user_profile_picture");
          // getName() drops any directory components and keeps only the final path segment
          File file = new File("user/profile/" + FilenameUtils.getName(image));
      }
  }
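The following example combines both remediations above: it strips directory components with FilenameUtils.getName(), applies an extension safelist, and then canonicalises the result to confirm it still lies inside the base directory. It is an added example, not Bearer's own code; the class name SafeProfilePath, the helper resolveProfilePicture(), the ALLOWED_EXTENSIONS set and the sample inputs in main() are all assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.util.Set;

import org.apache.commons.io.FilenameUtils;

// Added example (not Bearer's code): resolves a user-supplied picture name under a
// fixed base directory and rejects anything that would escape it.
public class SafeProfilePath {

    // Hypothetical safelist of extensions a profile picture may carry.
    private static final Set<String> ALLOWED_EXTENSIONS = Set.of("png", "jpg", "jpeg", "gif");

    /**
     * Returns the File for the requested picture when the input is acceptable,
     * otherwise throws. baseDir is the only directory that may be read from.
     */
    public static File resolveProfilePicture(File baseDir, String userInput) throws IOException {
        if (userInput == null || userInput.isEmpty()) {
            throw new IllegalArgumentException("missing file name");
        }

        // Step 1: keep only the last path segment ("../../x/y.png" -> "y.png").
        // getName() understands both '/' and '\' separators.
        String name = FilenameUtils.getName(userInput);

        // getName() passes "." and ".." through unchanged, so reject them explicitly.
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("invalid file name");
        }

        // Step 2: extension safelist.
        String ext = FilenameUtils.getExtension(name).toLowerCase();
        if (!ALLOWED_EXTENSIONS.contains(ext)) {
            throw new IllegalArgumentException("disallowed extension: '" + ext + "'");
        }

        // Step 3: canonicalise and verify the result is still inside baseDir.
        // This is the directory safelist: anything resolving elsewhere is refused.
        File candidate = new File(baseDir, name);
        String base = baseDir.getCanonicalPath() + File.separator;
        String resolved = candidate.getCanonicalPath();
        if (!resolved.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        File base = new File("user/profile");
        // Constructed inputs for demonstration: one valid name, three traversal-style
        // values that the checks above must reject, and one with a disallowed extension.
        String[] inputs = {
            "avatar.png",
            "../../../other-user/avatar.png",
            "..\\..\\config.png",
            "..",
            "notes.txt"
        };
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + resolveProfilePicture(base, in));
            } catch (RuntimeException e) {
                System.out.println(in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Note that in this example "../../../other-user/avatar.png" is accepted as "user/profile/avatar.png" because getName() has already discarded the directory components; the canonical-path check is the backstop for inputs getName() leaves untouched, such as ".." on its own.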

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=java_lang_path_using_user_input

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=java_lang_path_using_user_input
