CX Input_Path_Not_Canonicalized @ src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java [master]

**Input_Path_Not_Canonicalized** issue exists @ **src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java** in branch **master**

*Method processRequest at line 39 of src\main\java\org\cysecurity\cspf\jvl\controller\AddPage.java gets dynamic data from the &quot;&quot;filename&quot;&quot; element. This element’s value then flows through the code and is eventually used in a file path for local disk access in processRequest at line 45 of src\main\java\org\cysecurity\cspf\jvl\controller\AddPage.java. This may cause a Path Traversal vulnerability.
Similarity ID: 570160997*

Severity: Medium

CWE:73

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/73.html)

[Checkmarx](http://WIN2012-ENV9-B/CxWebClient/ViewerMain.aspx?scanid=1000421&projectid=33&pathid=269)

[Training](https://checkmarx-demo.codebashing.com/courses/)
[Recommended Fix](http://WIN2012-ENV9-B/CxWebClient/ScanQueryDescription.aspx?queryID=3618&queryVersionCode=92782634&queryTitle=Input_Path_Not_Canonicalized)

Lines: [39](https://github.com/nidhi0512/JavaVulnerableLab/blob/master/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java#L39) 

---
[Code (Line #39):](https://github.com/nidhi0512/JavaVulnerableLab/blob/master/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java#L39)
```
String fileName=request.getParameter("filename");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CX Input_Path_Not_Canonicalized @ src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java [master] #853

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX Input_Path_Not_Canonicalized @ src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java [master] #853

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions