We have PdfViewPager integrated in our Android mobile app, which is already available in the Google Play Store. As part of a security implementation review, the app is being scanned using Veracode.
An issue was found in FileUtil.java, where Veracode reported Server Directory Traversal Issues > External Control of File Name or Path (CWE ID 73) as Medium severity. The report describes the issue as: "This call contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input. If an attacker is allowed to specify all or part of the filename, it may be possible to gain unauthorized access to files on the server, including those outside the webroot, that would normally be inaccessible to end users. The level of exposure depends on the effectiveness of input validation routines, if any."
The issue is reported on the following lines of code from FileUtil.java:
com/.../library/util/FileUtil.java 28
com/.../library/util/FileUtil.java 29
com/.../library/util/FileUtil.java 31
```java
public class FileUtil {
    public static boolean copyAsset(Context ctx, String assetName, String destinationPath) throws IOException {
        InputStream in = ctx.getAssets().open(assetName);
        File f = new File(destinationPath);
        f.createNewFile();
        OutputStream out = new FileOutputStream(new File(destinationPath));
        byte[] buffer = new byte[1024];
        int read;
        while ((read = in.read(buffer)) != -1) {
            out.write(buffer, 0, read);
        }
        in.close();
        out.close();
        return true;
    }
}
```
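One way to constrain the destination that the scanner flags, shown as an added example that is not PdfViewPager's code: the caller passes a base directory and a file name, and the copy is refused if the canonical target falls outside that directory. `SafeCopy`, `resolveInside` and `copyStream` are hypothetical names, and a plain `InputStream` stands in for the Android asset stream so the sketch runs on a desktop JVM.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;

public class SafeCopy {
    // Resolve name under baseDir; reject any result that lands outside it.
    static File resolveInside(File baseDir, String name) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Trailing separator stops "/data/cache-other" from matching "/data/cache".
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new SecurityException("destination escapes base dir: " + name);
        }
        return target;
    }

    static boolean copyStream(InputStream in, File baseDir, String name) throws IOException {
        File target = resolveInside(baseDir, name); // validate before touching the disk
        try (InputStream src = in; OutputStream out = new FileOutputStream(target)) {
            byte[] buffer = new byte[1024];
            int read;
            while ((read = src.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        File base = Files.createTempDirectory("pdfcache").toFile(); // constructed sandbox
        // Constructed sample names: the first two stay inside base, the last two do not.
        String[] names = {"sample.pdf", "./sample2.pdf", "../escaped.pdf", "docs/../../escaped.pdf"};
        for (String name : names) {
            try {
                copyStream(new ByteArrayInputStream("%PDF-1.4".getBytes()), base, name);
                System.out.println("copied   " + name);
            } catch (SecurityException e) {
                System.out.println("rejected " + name);
            }
        }
    }
}
```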