Review

Detector:

Findbugs

Target:

project '

uberfire

' version

0.3.1

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-5
In File:	org/uberfire/server/FileDownloadServlet.java
In Method:	doGet(HttpServletRequest, HttpServletResponse)
Code with Finding:	class FileDownloadServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { Path path = ioService.get(new URI(request.getParameter("path"))); byte[] bytes = ioService.readAllBytes(path); response.setHeader("Content-Disposition", String.format("attachment; filename=%s;", path.getFileName().toString())); response.setContentType("application/octet-stream"); response.getOutputStream().write( bytes, 0, bytes.length); } catch (URISyntaxException e) { logger.error("Failed to download a file.", e); } } }

Metadata

Hit	Rank	Desc	Type	Violations
No	5	SECHRS: This use of javax/servlet/http/HttpServletResponse.setHeader(Ljava/lang/String;Ljava/lang/String;)V might be used to include CRLF characters into HTTP headers	HTTP_RESPONSE_SPLITTING

Reviewer Name:	vidya
Comment: