October 22, 2024
Chicago 12, Melborne City, USA
java

Snyk Issue In Java Class


I am getting a Snyk message in my class that it's not the right way; below are the details it is printing.
FileUtils.getBlob( fileAttachment, true );
Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.

PhysicalFileUtils.zipDirectory( pathName, zipFilePath );
Unsanitized input from an HTTP parameter flows into exists, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to bypass the logic of the application in the conditional expression.

Like this, there are many others.

In the Snyk docs they talk about sanitizing strings, but I have not seen any docs regarding class or object issues. Kindly suggest what I need to do; also, for more details, please let me know.
Thanks and regards.
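
Added example, not part of the original post and not the poster's code: both findings above describe a request value reaching a sink (executeQuery, exists) unchanged, so the fix belongs at the point where the value enters the query or the path. The base directory, table, column and method names below are hypothetical, since the bodies of FileUtils.getBlob and PhysicalFileUtils.zipDirectory are not shown.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class TaintedInputExample {

    // Assumed base directory; every user-supplied path must resolve inside it.
    private static final Path BASE_DIR =
            Paths.get("/srv/app/uploads").toAbsolutePath().normalize();

    // Path traversal: resolve the request value against the base directory and
    // reject anything that escapes it, before any exists() or zip call sees it.
    static Path resolveInsideBase(String userSupplied) throws IOException {
        if (userSupplied == null || userSupplied.indexOf('\0') >= 0) {
            throw new IOException("invalid path");
        }
        Path candidate = BASE_DIR.resolve(userSupplied).normalize();
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IOException("path escapes base directory");
        }
        return candidate;
    }

    // SQL injection: the request value is bound as a parameter and never
    // concatenated into the SQL text. Table and column names are hypothetical.
    static byte[] loadAttachment(Connection conn, String attachmentId) throws SQLException {
        String sql = "SELECT content FROM attachments WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, attachmentId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getBytes(1) : null;
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: one inside the base directory, one escaping it.
        System.out.println(resolveInsideBase("reports/2024"));
        try {
            resolveInsideBase("../../etc/passwd");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

normalize() does not resolve symbolic links; where the directory may contain symlinks, compare toRealPath() results instead.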


