Skip to Content
0
Aug 20, 2018 at 11:14 AM

Path Traversal issue when I get the root path of Hybris

161 Views

Hi,

we have recently installed Sonar to clean and tidy up our Hybris source code but I ended up with a problem that I am not sure if it has any solution.

Currently I am retrieving my Hybris location from the "project.properties" file. This file has a variable that I can guess where my Hybris project is installed: ${HYBRIS_DATA_DIR}

So I inject it in my class from Spring xml file:

Everything is all right, this logic works perfect for me but Sonar is complaining that this is not a secure way to do it? And it is showing the message: Security - Potential Path Traversal (file read)

The Java line it is complaining about is: final File directory = new File(FilenameUtils.getFullPathNoEndSeparator(getFilePath()));

I tried to used FilenameUtils that is suggested by Sonar, but still complaining about it.

Has anyone know how I can tackle the Path Traversal problem?

Thank you