Tansheet

Reputation: 79

HP Fortify: Path Manipulation error

I am getting the HP Fortify warning for the following code:

        FileStream fs = null;
        StreamWriter writer = null;

        try
        {
            fs = new FileStream(sFileName, FileMode.Open, FileAccess.Write);// Path Manipulation error
            writer = new StreamWriter(fs);

I am not deleting the file in my code, so if the user provides the path of some config, it's safe from my code. So I am not sure why this is giving a warning.

Can anyone please suggest an alternative?

Upvotes: 0

Views: 1180

Answers (1)

Dave C

Reputation: 256

Fortify doesn't know what the file is, where it is, or anything else. Write the code in a way that Fortify can see that the application is protected from malicious users.

Validate the path so that I can't pass a file named ../../../../cmdshell.aspx; don't rely on filesystem permissions. I'm assuming that at some later time you want to read that file; do the same kind of validation there.

I would also validate MIME type, file size, and check for weird characters.

Upvotes: 1
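One way to do the path validation the answer describes, as an added example (not code from the question or the answer): the user-supplied value is treated as a bare file name, resolved against a fixed base directory, and rejected unless the canonical result stays inside it. `SafePath`, `Resolve` and the `userfiles` directory are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;

static class SafePath
{
    // Assumption: the only directory the application is allowed to write into.
    static readonly string BaseDir =
        Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, "userfiles"));

    public static string Resolve(string userSuppliedName)
    {
        if (string.IsNullOrWhiteSpace(userSuppliedName))
            throw new ArgumentException("File name is required.");

        // Accept a bare file name only: no directory part, no invalid characters.
        if (userSuppliedName != Path.GetFileName(userSuppliedName) ||
            userSuppliedName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Not a plain file name.");

        // Canonicalise, then confirm the result is still under BaseDir.
        // This catches names such as "." and ".." that pass the check above.
        string full = Path.GetFullPath(Path.Combine(BaseDir, userSuppliedName));
        string root = BaseDir.TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path escapes the base directory.");

        return full;
    }
}

class Program
{
    static void Main()
    {
        // Constructed sample inputs, including the file name from the answer.
        string[] samples = { "report.txt", "../../../../cmdshell.aspx", "..", "" };
        foreach (string name in samples)
        {
            try
            {
                Console.WriteLine("OK       '{0}' -> {1}", name, SafePath.Resolve(name));
            }
            catch (Exception ex) when (ex is ArgumentException ||
                                       ex is UnauthorizedAccessException)
            {
                Console.WriteLine("REJECTED '{0}': {1}", name, ex.Message);
            }
        }
    }
}
```

The same `Resolve` call belongs in front of every `FileStream` that takes this value, on the read path as well as the write path.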
