Detected user input controlling a file path. An attacker could control the location of this file, including walking up out of the intended directory with '../' segments. To address this, ensure that user-controlled variables used in file paths are sanitized before the path is built. You may also consider a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to retrieve only the file name from the path, and then verify that the resolved, normalized path still lies under the intended base directory.
View Dataflow Graph
```mermaid
flowchart LR
classDef invis fill:white, stroke: none
classDef default fill:#e7f5ff, color:#1c7fd6, stroke: none
subgraph File0["maven/src/main/java/hello/test2.java"]
direction LR
%% Source
subgraph Source
direction LR
v0("[Line: 115] filename")
end
%% Intermediate
subgraph Traces0[Traces]
direction TB
v2("[Line: 115] filename")
end
%% Sink
subgraph Sink
direction LR
v1("[Line: 117] #quot;data/employees.dat#quot; + filename")
end
end
%% Class Assignment
Source:::invis
Sink:::invis
Traces0:::invis
File0:::invis
%% Connections
Source --> Traces0
Traces0 --> Sink
%% Clickable
click v0 href "https://github.com/finos/security-scanning/blob/e54f9ce33cd064fae7d155da34de9cf05d10551e/maven/src/main/java/hello/test2.java#L115" "View in source" _blank
click v1 href "https://github.com/finos/security-scanning/blob/e54f9ce33cd064fae7d155da34de9cf05d10551e/maven/src/main/java/hello/test2.java#L117" "View in source" _blank
click v2 href "https://github.com/finos/security-scanning/blob/e54f9ce33cd064fae7d155da34de9cf05d10551e/maven/src/main/java/hello/test2.java#L115" "View in source" _blank
```
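The following is an added example, not code from hello/test2.java or the scanned repository. It shows the concatenation pattern the rule flags (simplified to a `"data/" + filename` prefix; the actual sink expression is the one in the graph above) next to a hardened resolver. `BASE`, `resolveVulnerable`, `fileNameOnly` and `resolveSafe` are illustrative names. `fileNameOnly` reimplements the behaviour of `FilenameUtils.getName(...)` (keep the text after the last '/' or '\') so the example needs no commons-io dependency, and `resolveSafe` adds the base-directory containment check the finding message recommends.

```java
// Added example (not from the scanned project): the flagged pattern beside a
// hardened version. All class and method names here are illustrative.
import java.nio.file.Path;
import java.nio.file.Paths;

public final class TaintedFilePathDemo {

    // Directory the application intends to serve files from (assumed).
    private static final Path BASE = Paths.get("data").toAbsolutePath().normalize();

    // The flagged pattern: attacker-controlled text spliced into the path.
    // "../../../../etc/passwd" or "/../../../../etc/passwd" walks out of data/
    // no matter what fixed prefix precedes it.
    static Path resolveVulnerable(String filename) {
        return Paths.get("data/" + filename);
    }

    // Same behaviour as FilenameUtils.getName(...): keep only the text after the
    // last '/' or '\'. Both separators are stripped on purpose; on Linux,
    // Path.getFileName() alone would leave a backslash-separated string intact,
    // and that string becomes a traversal when the same code runs on Windows.
    static String fileNameOnly(String userInput) {
        int cut = Math.max(userInput.lastIndexOf('/'), userInput.lastIndexOf('\\'));
        return userInput.substring(cut + 1);
    }

    // Hardened resolution: strip directory components, reject empty and dot
    // names, then verify the normalized result still lives under BASE.
    static Path resolveSafe(String filename) {
        String name = fileNameOnly(filename);
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name: " + filename);
        }
        Path resolved = BASE.resolve(name).normalize();
        // Defence in depth: if fileNameOnly is ever bypassed or weakened, a
        // path that escaped BASE is still refused here.
        if (!resolved.startsWith(BASE)) {
            throw new IllegalArgumentException("path escapes base directory: " + filename);
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign name, three traversal attempts,
        // and two inputs that carry no usable file name at all.
        String[] inputs = {
            "employees.dat",
            "../../../../etc/passwd",
            "/../../../../etc/passwd",
            "..\\..\\windows\\win.ini",   // escapes only when run on Windows
            "..",
            "reports/../",
        };
        for (String in : inputs) {
            Path v = resolveVulnerable(in).toAbsolutePath().normalize();
            System.out.println("input: " + in);
            System.out.println("  vulnerable -> " + v
                    + (v.startsWith(BASE) ? "" : "   (ESCAPED " + BASE + ")"));
            try {
                System.out.println("  safe       -> " + resolveSafe(in));
            } catch (IllegalArgumentException e) {
                System.out.println("  safe       -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The traversal inputs collapse to `data/passwd` and `data/win.ini` under `resolveSafe`, which is what the getName approach buys you: the attacker can still pick any file name, but only inside `data/`. If the application must accept subdirectories, keep the `startsWith(BASE)` check and, once the target exists, compare `toRealPath()` results so a symlink inside the base cannot point back out of it.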
Semgrep found 4 tainted-file-path findings in this scan; the finding and dataflow graph above are one of them.