Code Security Finding: Path/Directory Traversal (CWE-22, High Severity) in MultiPartFileUtils.java:33

[joshn-whitesource-app]

Code Security Finding

This finding was first detected on 2023-12-06 01:34pm GMT and is still present in the last scan performed on 2024-02-15 10:26pm GMT:

Severity	Vulnerability Type	CWE	File	Data Flows
High	Path/Directory Traversal	CWE-22	MultiPartFileUtils.java:33	3
Vulnerable Code easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Lines 28 to 33 in b9f2abf public static boolean writeFile(Part part, String savePath, String fileName) throws IOException { boolean isConverted = false; OutputStream out = null; InputStream in = null; try { out = new FileOutputStream(savePath + File.separator + fileName); 3 Data Flow/s detected View Data Flow 1 easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java Line 141 in b9f2abf filePart = req.getPart("file"); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java Line 148 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 56 in b9f2abf public static String getFileName(final Part part) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java Line 148 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XEEandXXEServlet.java Line 157 in b9f2abf MultiPartFileUtils.writeFile(filePart, savePath, fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 28 in b9f2abf public static boolean writeFile(Part part, String savePath, String fileName) throws IOException { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); View Data Flow 2 easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java Line 70 in b9f2abf final Part filePart = req.getPart("file"); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java Line 71 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 56 in b9f2abf public static String getFileName(final Part part) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java Line 71 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java Line 80 in b9f2abf boolean isConverted = MultiPartFileUtils.writeFile(filePart, savePath, fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 28 in b9f2abf public static boolean writeFile(Part part, String savePath, String fileName) throws IOException { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); View Data Flow 3 easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java Line 69 in b9f2abf filePart = req.getPart("file"); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java Line 76 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 56 in b9f2abf public static String getFileName(final Part part) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 57 in b9f2abf for (String content : part.getHeader("content-disposition").split(";")) { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 59 in b9f2abf return content.substring(content.indexOf('=') + 1).trim().replace("\"", ""); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java Line 76 in b9f2abf String fileName = MultiPartFileUtils.getFileName(filePart); easybuggy/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java Line 81 in b9f2abf boolean isConverted = MultiPartFileUtils.writeFile(filePart, savePath, fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 28 in b9f2abf public static boolean writeFile(Part part, String savePath, String fileName) throws IOException { easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); easybuggy/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java Line 33 in b9f2abf out = new FileOutputStream(savePath + File.separator + fileName); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk