CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
      • Android
      • Aws-lambda
      • Castor
      • Java-jwt
      • Jax-rs
      • Jboss
      • Jdo
      • Jedis
      • Jjwt
      • Jsch
      • Kryo
      • Lang
      • Micronaut
        • Audit
        • Command-injection
        • Deserialization
        • Path-traversal
          • File-access-taint-msg
          • File-access-taint-sls
          • File-access-taint-ws
          • File-access-taint
          • File-taint-msg
          • File-taint-sls
            • File taint sls
          • File-taint-ws
          • File-taint
        • Redirect
        • Ssrf
        • Xss
      • Mongo
      • Mongodb
      • Mysql
      • Okhttp
      • Rmi
      • Servlets
      • Spring
      • Thymeleaf
      • Xstream
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
File-taint-sls

File taint sls

file-taint-sls

The application builds a file path from potentially untrusted data, which can lead to a path traversal vulnerability. An attacker can manipulate the path which the application uses to access files. If the application does not validate user input and sanitize file paths, sensitive files such as configuration or user data can be accessed, potentially creating or overwriting files. To prevent this vulnerability, validate and sanitize any input that is used to create references to file paths. Also, enforce strict file access controls. For example, choose privileges allowing public-facing applications to access only the required files. In Java, you may also consider using a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file name from the path.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A01:2021 - Broken Access Control
- A05:2017 - Broken Access Control
File taint msgFile taint ws
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.