user1520277

Reputation: 59

Path manipulation issue reported by Fortify scan

I have been fixing Fortify issues in our application. The piece of code below is always reported as a path manipulation issue. I don't understand why. There is no user input in this method. Could someone please help me with this? I am not able to figure out how to fix this issue. This is C# code.

    string fileName = CreateConfigFileName(); // It's not user input.
    string path = ConfigurationManager.AppSettings["CommonFilePath"];
    string finalPath = path + Path.GetFileName(fileName);
    if (Path.GetFileName(fileName) == fileName && !File.Exists(finalPath))
    {
        File.WriteAllText(finalPath, xmlString);
    }

    private string CreateConfigFileName()
    {
        var fileName = new StringBuilder("LogDetail_");
        var user = enterprise.ConfigUserName;
        var LastModifiedDate = enterprise.LastModifiedDate;
        fileName.Append("_");
        fileName.Append(user);
        fileName.Append("_");
        fileName.Append(LastModifiedDate.Substring(0, 4)).Append("-"); // yyyy
        fileName.Append(LastModifiedDate.Substring(4, 2)).Append("-"); // mm
        fileName.Append(LastModifiedDate.Substring(6, 2)).Append("-"); // dd
        fileName.Append(LastModifiedDate.Substring(8, 2)).Append("-"); // hh
        fileName.Append(LastModifiedDate.Substring(10, 2)).Append("-"); // mm
        fileName.Append(LastModifiedDate.Substring(12, 2)); // ss
        return fileName.Append(".xml").ToString();
    }

Upvotes: 0

Views: 1425
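
Added example, not part of the original post or its code: the file name in the question is assembled from enterprise.ConfigUserName, enterprise.LastModifiedDate and an AppSettings value, none of which are compile-time constants. One way to validate each of those parts before the write is shown here; the class name SafeConfigPath, the user-name allow-list and the 14-digit timestamp format are assumptions.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

public static class SafeConfigPath
{
    // Assumed allow-list for user names. \z (not $) also rejects a trailing newline.
    private static readonly Regex UserPattern = new Regex(@"\A[A-Za-z0-9._-]{1,64}\z");
    // The post slices LastModifiedDate as yyyyMMddHHmmss, so require exactly 14 digits.
    private static readonly Regex StampPattern = new Regex(@"\A[0-9]{14}\z");

    public static string Build(string baseDir, string user, string stamp)
    {
        if (user == null || !UserPattern.IsMatch(user))
            throw new ArgumentException("Unexpected characters in user name.", nameof(user));
        if (stamp == null || !StampPattern.IsMatch(stamp))
            throw new ArgumentException("Timestamp must be 14 digits.", nameof(stamp));

        // Same name layout as CreateConfigFileName() in the post.
        string fileName = string.Format("LogDetail__{0}_{1}-{2}-{3}-{4}-{5}-{6}.xml",
            user, stamp.Substring(0, 4), stamp.Substring(4, 2), stamp.Substring(6, 2),
            stamp.Substring(8, 2), stamp.Substring(10, 2), stamp.Substring(12, 2));

        // Canonicalize, then confirm the result is still inside the base directory.
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, fileName));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidOperationException("Resolved path escapes the base directory.");
        return full;
    }

    public static void Main()
    {
        // Constructed sample values; the real ones come from configuration and the enterprise object.
        string baseDir = Path.Combine(Path.GetTempPath(), "CommonFilePathDemo");
        Directory.CreateDirectory(baseDir);
        string target = Build(baseDir, "jsmith", "20240131235959");
        try
        {
            // CreateNew fails if the file exists, replacing the separate File.Exists check.
            using (var w = new StreamWriter(new FileStream(target, FileMode.CreateNew)))
                w.Write("<config/>");
            Console.WriteLine("Wrote " + target);
        }
        catch (IOException) { Console.WriteLine("Already exists: " + target); }

        try { Build(baseDir, @"..\..\other", "20240131235959"); }
        catch (ArgumentException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```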

Answers (0)
