Following is the issue when the security audit was run over the source code on Smart GWT3.0 version.
External Control of File Name or Path
Recommendations
Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using black lists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.
Module # Class # Module Location
com/.../FileAssembler.java 293
com/.../FileDistributor.java 55
com/.../FileDistributor.java 66
com/.../FileDistributor.java 75
com/.../FileDistributor.java 139
com/.../FileDistributor.java 150
com/.../FileDistributor.java 158
com/.../FilePackager.java 47
com/.../FilePackager.java 63
com/.../FilePackager.java 69
com/.../FilePackager.java 84
.../JSSyntaxScannerFilter.java 295
com/.../servlet/SourceViewer.java 183
Can we have resolution for this soon please?
External Control of File Name or Path
Recommendations
Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using black lists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.
Module # Class # Module Location
com/.../FileAssembler.java 293
com/.../FileDistributor.java 55
com/.../FileDistributor.java 66
com/.../FileDistributor.java 75
com/.../FileDistributor.java 139
com/.../FileDistributor.java 150
com/.../FileDistributor.java 158
com/.../FilePackager.java 47
com/.../FilePackager.java 63
com/.../FilePackager.java 69
com/.../FilePackager.java 84
.../JSSyntaxScannerFilter.java 295
com/.../servlet/SourceViewer.java 183
Can we have resolution for this soon please?
Comment