Java: fix syntax error in path-injection example fix

2026-04-27 17:55:19 +02:00 · 2022-12-02 10:04:53 +00:00
parent 7bf0e7ccc9
commit 6e98c67869
1 changed files with 2 additions and 2 deletions
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
@@ -16,9 +16,9 @@ public void sendUserFileFixed(Socket sock, String user) {
 	// ...
 	
 	// GOOD: remove all dots and directory delimiters from the filename before using
-	String filename = filenameReader.readLine().replaceAll("\.", "").replaceAll("/", "");
+	String filename = filenameReader.readLine().replaceAll("\\.", "").replaceAll("/", "");
 	BufferedReader fileReader = new BufferedReader(
 			new FileReader("/home/" + user + "/" + filename));

 	// ...
-}
+}