81,092
社区成员
发帖
与我相关
我的任务
分享fortity扫描java代码报Path Manipulation
Source: org.apache.commons.fileupload.servlet.ServletFileUpload.parseRequest()
From: com.puhua.ehome.work_order.WoAttachmentController.saveAttachment
File: com.puhua.ehome.workorder/src/com/puhua/ehome/work_order/WoAttachmentControll
er.java:106
104 upload.setSizeMax(50 * 1024 * 1024);
106 List<FileItem> list = (List<FileItem>) upload.parseRequest(request);
107 for (FileItem item : list) {
108 if (!item.isFormField()) {
109 Map<String, Object> map = new HashMap<String, Object>();
Sink Details
Sink: java.io.File.File()
Taint Flags: WEB, XSS
117 continue;
118 }
119 String uuid = UUID.randomUUID().toString();
120 CommonFileUtil.writeTo(new File(path + uuid + "_" + fileName), item.getInputStream());[/color]
121 WoAttachment wa = new WoAttachment();
122 wa.setAddress(adress + uuid + "_" + fileName);
123 wa.setName(fileName);
这两行代码怎么改
From: com.puhua.ehome.work_order.WoAttachmentController.saveAttachment
File: com.puhua.ehome.workorder/src/com/puhua/ehome/work_order/WoAttachmentControll
er.java:106
104 upload.setSizeMax(50 * 1024 * 1024);
106 List<FileItem> list = (List<FileItem>) upload.parseRequest(request);
107 for (FileItem item : list) {
108 if (!item.isFormField()) {
109 Map<String, Object> map = new HashMap<String, Object>();
Sink Details
Sink: java.io.File.File()
Taint Flags: WEB, XSS
117 continue;
118 }
119 String uuid = UUID.randomUUID().toString();
120 CommonFileUtil.writeTo(new File(path + uuid + "_" + fileName), item.getInputStream());[/color]
121 WoAttachment wa = new WoAttachment();
122 wa.setAddress(adress + uuid + "_" + fileName);
123 wa.setName(fileName);
这两行代码怎么改
...全文
请发表友善的回复…
发表回复
