[PDI-17941] Data Validator - Read allowed Values from another step - Lose values #9670
base: master
Quality Gate passed. Issues | Measures
at 🎯 Static Application Security Testing (SAST) Vulnerability

**Full description**

**Overview**

Path traversal, also known as directory traversal, is a type of

**Vulnerable example**

```java
public class path_traversal_vuln {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String DOCS_FOLDER = "/srv/www/docs";
        String docName = statement.executeQuery(query); // Reading from DB
        Path docPath = Paths.get(DOCS_FOLDER, docName);
        File docFile = docPath.toFile();
        FileUtils.copyFile(docFile, response.getOutputStream());
    }
}
```

In this example, an attacker can, via a stored parameter, inject a back-path,

**Remediation**

```diff
 public class path_traversal_safe {
     protected void doGet(HttpServletRequest request, HttpServletResponse response)
             throws ServletException, IOException {
         String DOCS_FOLDER = "/srv/www/docs";
         String docName = statement.executeQuery(query); // Reading from DB
         Path docPath = Paths.get(DOCS_FOLDER, docName);
+        Path normDocPath = docPath.normalize();
+        // Make sure the canonical path resides in the desired dir
+        if (normDocPath.startsWith(DOCS_FOLDER)) {
             File docFile = docPath.toFile();
             FileUtils.copyFile(docFile, response.getOutputStream());
+        }
     }
 }
```

By checking that the folder name still starts with the predefined prefix, we

**Code Flows**

Vulnerable data flow analysis result
❌ Build failed in 3h 10m 55s

Build command: `mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl ui`

👌 All tests passed! Tests run: 357, Failures: 0, Skipped: 0

Test Results

ℹ️ This is an automatic message
@pentaho/tatooine_dev