
Tag: veracode

CWE 73 External Control of file name or Path

I am working to fix Veracode vulnerability CWE-73 (https://cwe.mitre.org/data/definitions/73.html) for my application, in which the input filename is dynamically sent by our other application. It starts with static names like abc, xyz, but the full file name is usually like abc_1234567.txt. Snippet of existing app code: call methodA(inputdirectory, inputfile, X, Y) -> Veracode is reporting for inputfile in this case I have
