validate
validate copied to clipboard
Published
20 hours ago •
NASA-PDS
NASA-PDS
Check for special characters in input file strings to avoid vulnerability
| preparation/core/src/main/java/gov/nasa/pds/tools/label/LabelValidator.java | 855 | Local-user-controlled data in path expression (CWE-022) | Local-user-controlled data in path expression (CWE-022). Accessing paths influenced by users can allow an attacker to access unexpected resources. | Y | Chould check these URLs are not some URL exploit. | 3 | CWE-022 | Test variable ”new File(args[0])” to ensure no special characters before being opened potential redirect vulnerability. | |
|---|---|---|---|---|---|---|---|---|---|
| preparation/core/src/main/java/gov/nasa/pds/tools/util/VersionInfo.java | 74 | Local-user-controlled data in path expression (CWE-022) | Local-user-controlled data in path expression (CWE-022). Accessing paths influenced by users can allow an attacker to access unexpected resources. | Y | Chould check these URLs are not some URL exploit. | 3 | CWE-022 | Test variable ”schemaDirString” to ensure no special characters before being opened potential redirect vulnerability. |
