Review

Detector:

Findbugs

Target:

project '

uberfire

' version

0.3.1

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-9
In File:	org/uberfire/server/FileUploadServlet.java
In Method:	doPost(HttpServletRequest, HttpServletResponse)
Code with Finding:	class FileUploadServlet { @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { if (request.getParameter("path") != null) { writeFile(ioService.get(new URI(request.getParameter("path"))), getFileItem(request)); writeResponse(response, "OK"); } else if (request.getParameter("folder") != null) { writeFile( ioService.get(new URI(request.getParameter("folder") + "/" + request.getParameter("fileName"))), getFileItem(request)); writeResponse(response, "OK"); } } catch (FileUploadException e) { logError(e); writeResponse(response, "FAIL"); } catch (URISyntaxException e) { logError(e); writeResponse(response, "FAIL"); } } }

Metadata

Hit	Rank	Desc	Type	Violations
?	9	SECSP: The method getParameter returns a String value that is controlled by the client	SERVLET_PARAMETER