How to fix Path Manipulation problem from Fortify scan report for the following code example

I have a problem with path manipulation. The following code is placed in the Page_Load method of an ASPX page.

String rName = Request.QueryString["reportName"];
string path = "C:\\hari" + rName;
if (File.Exists(path))
{
    File.Delete(path);
}

But the Fortify scan report flags the above code with a high-severity Path Manipulation finding. Help is needed to modify the above code so that it can pass the scan.

+3
2 answers

Jackson is right, this is a direct File Path Manipulation vulnerability that can be fixed by indirect selection. List all files from your known directory. Use a value coming from your own directory listing, not a user-supplied value.

String rName = Request.QueryString["reportName"];
String knownPath = "C:\\hari";
DirectoryInfo di = new DirectoryInfo(knownPath);
// Select the file through the directory listing rather than building a path from the raw input.
FileInfo[] files = di.GetFiles(rName);

if (files.Length > 0)
{
    files[0].Delete();
}
+5

reportName = "..\\Windows\\Something important"

+1
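The indirect-selection approach from the first answer and the traversal input the second answer points at (`..\\Windows\\Something important`), combined in one added example that is not code from the question or either answer; it assumes the base directory `C:\hari` from the question and a hypothetical `ReportFiles` helper class.

```csharp
using System;
using System.IO;

// Added example, not from the original post: resolve the user-supplied report
// name against a fixed directory and reject anything that escapes it or that
// is not one of the files actually present there.
public static class ReportFiles
{
    // Assumed base directory; the question uses "C:\\hari".
    private const string KnownPath = @"C:\hari";

    // Returns the full path of the report to delete, or null if the request is rejected.
    public static string ResolveReportPath(string requestedName)
    {
        if (string.IsNullOrWhiteSpace(requestedName))
            return null;

        // Accept only a bare file name: no directory separators, no "..", no invalid chars.
        if (requestedName != Path.GetFileName(requestedName))
            return null;
        if (requestedName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return null;

        // Canonicalise and confirm the result still lies inside the known directory.
        string baseDir = Path.GetFullPath(KnownPath).TrimEnd(Path.DirectorySeparatorChar)
                         + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(baseDir, requestedName));
        if (!full.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
            return null;

        // Indirect selection: return a name the directory listing itself produced,
        // never the string that came from the query string.
        foreach (FileInfo fi in new DirectoryInfo(baseDir).GetFiles())
        {
            if (string.Equals(fi.Name, requestedName, StringComparison.OrdinalIgnoreCase))
                return fi.FullName;
        }
        return null;
    }

    // Page_Load usage: delete only a file the checks above accepted.
    public static bool DeleteReport(string requestedName)
    {
        string path = ResolveReportPath(requestedName);
        if (path == null)
            return false; // "..\\Windows\\Something important" ends up here
        File.Delete(path);
        return true;
    }
}
```

Returning the `FileInfo` from the listing rather than a path built from the request is what breaks the taint flow the scanner follows; the name and canonical-path checks are the defence if the listing ever changes.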

Source: https://habr.com/ru/post/1786328/
