Merge pull request #11540 from github/smowton/fix/path-injection-example-syntax-error

Java: fix syntax error in path-injection example fix
2026-04-27 09:45:15 +02:00 · 2022-12-02 11:47:53 +00:00
parent 194b754880 6e98c67869
commit fef03a0806
1 changed files with 2 additions and 2 deletions
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.java
@@ -16,9 +16,9 @@ public void sendUserFileFixed(Socket sock, String user) {
 	// ...
 	
 	// GOOD: remove all dots and directory delimiters from the filename before using
-	String filename = filenameReader.readLine().replaceAll("\.", "").replaceAll("/", "");
+	String filename = filenameReader.readLine().replaceAll("\\.", "").replaceAll("/", "");
 	BufferedReader fileReader = new BufferedReader(
 			new FileReader("/home/" + user + "/" + filename));

 	// ...
-}
+}