• Home
• io.codemodder
• core-codemods
• 0.91.0
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.SanitizeSpringMultipartFilenameCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Sanitized user-provided file names in HTTP multipart uploads",
  "control" : "https://github.com/pixee/java-security-toolkit/blob/main/src/main/java/io/github/pixee/security/Filenames.java",
  "change": "Wrapped the file name with a sanitizer call that takes out path escaping characters",
  "reviewGuidanceJustification" : "This change presents effectively no risk. However, we believe a human should review the change.",
  "references" : [
    "https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload",
    "https://portswigger.net/web-security/file-upload",
    "https://github.com/spring-projects/spring-framework/blob/c989470f94926ee5c7474bead278b00e9aaac787/spring-web/src/main/java/org/springframework/web/multipart/MultipartFile.java#L68"
  ]
}