Skip to content

Commit 6e98c67

Browse files
smowtonsmowton
authored
Java: fix syntax error in path-injection example fix
1 parent 7bf0e7c commit 6e98c67

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

java/ql/src/Security/CWE/CWE-022/TaintedPath.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ public void sendUserFileFixed(Socket sock, String user) {
1616
// ...
1717

1818
// GOOD: remove all dots and directory delimiters from the filename before using
19-
String filename = filenameReader.readLine().replaceAll("\.", "").replaceAll("/", "");
19+
String filename = filenameReader.readLine().replaceAll("\\.", "").replaceAll("/", "");
2020
BufferedReader fileReader = new BufferedReader(
2121
new FileReader("/home/" + user + "/" + filename));
2222

2323
// ...
24-
}
24+
}

0 commit comments

Comments
 (0)