...
This noncompliant code example attempts to mitigate the issue by using the File.getCanonicalPath() method. This method fully resolves the argument and constructs a canonicalized path. For example, the path /img/../etc/passwd resolves to /etc/passwd. Canonicalization alone is insecure because the program still breaks out of the specified directory /img: the resolved path is never checked against the intended location before the file is used.
...
This compliant solution obtains the file name from the untrusted user input, canonicalizes it, and validates the canonicalized result against the intended file name before operating on the file.
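As an added example (not code from the CERT page), the following Java class places the noncompliant pattern beside the compliant one and generalizes the page's check from a single intended file name to an intended directory: both the base directory and the requested file are canonicalized, and the request is rejected unless it lies under the base. The /img base directory and the sample inputs are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

// Added example, not from the CERT page. Demonstrates why canonicalization
// without validation is insufficient, and how canonicalize-then-validate works.
public class CanonicalPathCheck {

    // Noncompliant pattern from the text: canonicalize and use the result unchecked.
    // "/img/../etc/passwd" canonicalizes to "/etc/passwd" and is returned as-is.
    static File canonicalizeOnly(String userInput) throws IOException {
        return new File(userInput).getCanonicalFile();
    }

    // Compliant pattern, generalized to a directory: canonicalize the base
    // directory and the candidate, then require the candidate to sit under the base.
    static File canonicalizeAndValidate(File baseDir, String userInput) throws IOException {
        String base = baseDir.getCanonicalPath();
        // Trailing separator prevents "/imgfiles" from matching base "/img".
        String prefix = base.endsWith(File.separator) ? base : base + File.separator;
        File candidate = new File(baseDir, userInput).getCanonicalFile();
        String path = candidate.getCanonicalPath();
        if (!path.startsWith(prefix)) {
            throw new SecurityException("Path escapes " + base + ": " + userInput);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        File imgDir = new File("/img");  // constructed base directory (assumption)
        // Constructed inputs: one benign name, one traversal, one that resolves back inside.
        String[] inputs = { "logo.png", "../etc/passwd", "sub/../other.png" };
        for (String input : inputs) {
            System.out.println("canonical only: " + canonicalizeOnly("/img/" + input));
            try {
                System.out.println("validated:      " + canonicalizeAndValidate(imgDir, input));
            } catch (SecurityException e) {
                System.out.println("rejected:       " + e.getMessage());
            }
        }
    }
}
```

The comparison is done on canonical strings on both sides so that symbolic links and ".." segments are resolved before the prefix test; comparing the raw user input against "/img" would accept "/img/../etc/passwd".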
...
Compliant solution
A comprehensive solution is to grant the application permission to read only the specifically intended files or directories. One way to grant these permissions is to specify the absolute path of the program in the security policy file and to grant the java.io.FilePermission with the canonicalized absolute path of the file or directory as the target name and with the action set to read. This is shown below.

    // Grants the program at /home/programpath/ read access to the path /img/java.
    // The target "/img/java" names only that path; "/img/java/*" would cover the files
    // directly inside it and "/img/java/-" everything beneath it.
    grant codeBase "file:/home/programpath/" {
        permission java.io.FilePermission "/img/java", "read";
    };
...