Reputation: 156
Should fix or false positive - Fortify Path Manipulation Error
I have following web api code which does not take any input for filename or path from user and works internally but got an path manipulation error in fortify scan. Should this be fixed or mark as false positive as there will be no intervention through user inputs?
public IEnumerable Load()
{
string path = ConfigurationManager.AppSettings["ContractFiles"];
List fileList = new List();
IEnumerable files = this.GetXmlFilesFromPath(path);
foreach (string file in files)
{
//Path Manipulation
XDocument xDoc = XDocument.Load(file);
}
}
private IEnumerable GetXmlFilesFromPath(string path)
{
//Path Manipulation
return Directory.GetFiles(path).Where(p => p.ToLower().EndsWith(".xml")).ToArray();
}
Upvotes: 0
Views: 450
Answers (1)
Reputation: 74700
Even if it doesn't make the analyzer message go away, I would amend it to:
return Directory.GetFiles(path, "*.xml");
Upvotes: 0
Related Questions
- How to correct Path Manipulation error given by fortify?
- Fortify Path Manipulation error
- Could not find a part of the path in c#
- Hp Fortify: Path Manipulation erroe
- Path Manipulation error fix for filename
- Fortify - Path Manipulation
- C# : Could not find a part of the path
- Fixing Path Manipulation error
- Illegal characters in path in C# code
- illegal character in path