
HP Fortify: Path Manipulation error

I am getting the HP Fortify warning for the following code:

        FileStream fs = null;
        StreamWriter writer = null;

        try
        {
            fs = new FileStream(sFileName, FileMode.Open, FileAccess.Write); // Path Manipulation error
            writer = new StreamWriter(fs);

I am not deleting the file in my code, so if the user provides the path of some config, it's safe from my code. So I am not sure why this is giving a warning?

Can anyone please suggest an alternative?

Fortify doesn't know what the file is, where it is, or anything else. Write the code in a way that Fortify can see that the application is protected from malicious users.

Validate the path so that I can't pass a file named ../../../../cmdshell.aspx; don't rely on filesystem permissions. I'm assuming that at some later time you want to read that file; do the same kind of validation there.

I would also validate MIME type, file size, and check for weird characters.
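One way to do the path validation described in the answer above, as an added example that is not part of the original post: the user-supplied name is canonicalized and accepted only if it still lies under a fixed base directory. The `SafePath` class, the `Resolve` helper and the `fortify-demo` directory are assumptions made for illustration; the returned path would be passed to `FileStream` in place of the raw `sFileName`.

```csharp
using System;
using System.IO;

static class SafePath
{
    // Hypothetical helper: returns the canonical path when userInput stays
    // inside baseDir, and throws otherwise.
    public static string Resolve(string baseDir, string userInput)
    {
        if (string.IsNullOrWhiteSpace(userInput))
            throw new ArgumentException("Empty file name.");
        if (userInput.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
            throw new ArgumentException("Invalid characters in file name.");

        // Canonical base directory with a trailing separator, so that
        // "C:\data-evil" is not accepted as being inside "C:\data".
        string sep = Path.DirectorySeparatorChar.ToString();
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(sep, StringComparison.Ordinal))
            root += sep;

        // GetFullPath collapses "." and ".." segments. A rooted userInput
        // replaces root inside Combine, so the prefix check catches it too.
        // Note: GetFullPath does not resolve symbolic links.
        string full = Path.GetFullPath(Path.Combine(root, userInput));

        // OrdinalIgnoreCase suits Windows; use Ordinal on case-sensitive file systems.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes the allowed directory.");
        return full;
    }

    static void Main()
    {
        // Constructed sample directory and inputs.
        string baseDir = Path.Combine(Path.GetTempPath(), "fortify-demo");
        Directory.CreateDirectory(baseDir);
        string[] inputs = { "report.txt", "sub/../report.txt", "../../../../cmdshell.aspx" };

        foreach (string input in inputs)
        {
            try { Console.WriteLine(input + " -> " + Resolve(baseDir, input)); }
            catch (Exception e) when (e is ArgumentException || e is UnauthorizedAccessException)
            { Console.WriteLine(input + " -> rejected: " + e.Message); }
        }
    }
}
```

The first two inputs resolve to `report.txt` inside the base directory; the third is rejected because its canonical form falls outside it.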
