...

import java.io.FileInputStream;
import java.io.FileNotFoundException;

class ExceptionExample {
  public static void main(String[] args) throws FileNotFoundException {
    // Linux stores a user's home directory path in the environment variable
    // $HOME; on Windows, %APPDATA% expands to a path beneath the user's
    // profile directory (for example C:\Users\<name>\AppData\Roaming).
    // The file name is taken unchecked from the command line, and a failed
    // open lets the FileNotFoundException, whose message contains the full
    // path, propagate out of main.
    FileInputStream fis = new FileInputStream(System.getenv("APPDATA") + args[0]);
  }
}

This attack is possible even when the application displays a sanitized message when the file is not found. Failure to restrict user input leaves the code vulnerable to a brute-force attack: by submitting candidate names and observing which inputs produce the system-defined sanitized "not found" message and which do not, the attacker can enumerate the valid file names on the system. If the system does not sanitize the exception information at all, the attacker learns still more.

In this noncompliant example the exception propagates unsanitized, so its message reveals the path of the user's profile directory and, with it, the user name.
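The following program is an added example, not code from the CERT page, that puts the two behaviours side by side: leakyOpen mirrors the noncompliant example but catches the exception so the text an attacker would see can be printed, and safeOpen shows a hardened open that restricts the input to an allow-list of fixed names, confines the resolved path to one directory, and returns the same generic message for every failure. The directory SAFE_DIR, the names in ALLOWED_NAMES and the generic message text are hypothetical choices made for this example; the fallback to user.home on hosts where APPDATA is unset is also an addition so the demo runs on Linux as well as Windows.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;

public class ExceptionLeakDemo {

  // Vulnerable variant: same construction as the noncompliant example, but the
  // exception is caught so the message that would otherwise reach the caller
  // (or a log, or an HTTP response) can be shown. The message embeds the full
  // path, and the path embeds the user name.
  static String leakyOpen(String userInput) {
    String base = System.getenv("APPDATA");
    if (base == null) {
      // Not on Windows: APPDATA is unset. Fall back to the home directory,
      // which leaks the same information (example-only fallback).
      base = System.getProperty("user.home");
    }
    try (InputStream in = new FileInputStream(base + userInput)) {
      return "opened";
    } catch (IOException e) {
      return e.getMessage(); // e.g. "/home/alice/../no-such-file.txt (No such file or directory)"
    }
  }

  // Hypothetical layout for the hardened variant: the only files the program
  // should ever open live in one directory under names fixed at build time.
  private static final Path SAFE_DIR =
      Paths.get(System.getProperty("java.io.tmpdir"), "exception-demo")
          .toAbsolutePath().normalize();
  private static final Set<String> ALLOWED_NAMES = Set.of("report.txt", "settings.txt");
  private static final String GENERIC_ERROR = "Unable to open the requested file";

  // Hardened variant: input selects among known names and is never treated as
  // a path; every failure yields the same message, so the caller cannot tell a
  // rejected name from a missing file, and no path text is ever echoed.
  static String safeOpen(String userInput) {
    if (!ALLOWED_NAMES.contains(userInput)) {
      return GENERIC_ERROR;
    }
    // Canonicalize and confine. Redundant while the allow-list holds only bare
    // names, but cheap insurance if the list is ever relaxed to patterns.
    Path target = SAFE_DIR.resolve(userInput).normalize();
    if (!target.startsWith(SAFE_DIR)) {
      return GENERIC_ERROR;
    }
    try (InputStream in = Files.newInputStream(target)) {
      return "opened";
    } catch (IOException e) {
      // Keep the real cause for operators on a channel the user cannot read;
      // the user-facing result stays generic.
      System.err.println("[internal] open failed: " + e);
      return GENERIC_ERROR;
    }
  }

  public static void main(String[] args) {
    // Constructed probe: what an attacker would type to learn the base path.
    String probe = args.length > 0 ? args[0] : "../no-such-file.txt";
    System.out.println("leaky : " + leakyOpen(probe));     // reveals the home/profile path
    System.out.println("safe  : " + safeOpen(probe));      // generic message only
    System.out.println("safe  : " + safeOpen("report.txt")); // generic message unless the file exists
  }
}
```

Run it as `java ExceptionLeakDemo` (Java 9 or later, for Set.of) and optionally pass your own probe string. The generic message does not by itself defeat the enumeration attack described above; it is the allow-list that does, because the only names for which the result can differ are the fixed names already known to the program, so there is nothing left to enumerate.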

Noncompliant Code Example

...