hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Address suggestions from review.

Browse Source
This commit is contained in:
Max Schaefer
2023-11-16 10:05:21 +00:00
parent a46a7fadb2
commit 009d58034f
3 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.java
View File

@@ -21,10 +21,10 @@ public class TaintedPath {
public void sendUserFileGood(Socket sock, String user) throws IOException {
BufferedReader filenameReader = new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
String filePath = filenameReader.readLine();
String filename = filenameReader.readLine();
// GOOD: ensure that the file is in a designated folder in the user's home directory
if (!filePath.contains("..") && filePath.startsWith("/home/" + user + "/public/")) {
BufferedReader fileReader = new BufferedReader(new FileReader(filePath));
if (!filename.contains("..") && filename.startsWith("/home/" + user + "/public/")) {
BufferedReader fileReader = new BufferedReader(new FileReader(filename));
String fileLine = fileReader.readLine();
while(fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());