Change this code to not construct the path from user-controlled data

Javith · May 19, 2023, 6:20am

Below is the code snippet , i am getting sonar qube issue on the line 3 (FileUtilits.copy…). Could you please help me to resolve this issue.

ResponseEntity<Resource> response=//get response from other source
InputStream is = resource.getInputStream();
FileUtils.copyInputStreamToFile(is, new File(fileName));
 is.close();

Colin · May 19, 2023, 7:14am

Hey there.

As noted in the template post, what version of SonarQube are you using?

Javith · May 19, 2023, 12:29pm

Hi Colin,
We are using SonarQube version v4.7.0.

Colin · May 19, 2023, 12:50pm

The version of SonarQube can be found in the footer of your SonarQube instance.

Javith · May 19, 2023, 12:59pm

Thanks I can find the version in the footer - which is version 8.9.7 .

Colin · May 19, 2023, 1:03pm

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.9.7 → 9.9 → 10.0 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your error persists after upgrade, please come back to us.

Javith · May 19, 2023, 1:06pm

HI Colin,

Sure we will upgrade but can you help on to find the resolution for the above issue?

Javith · May 21, 2023, 5:20am

Hi,
Can anyone help me why we are getting “Change this code to not construct the path from user-controlled data.” in the below line of code
FileUtils.copyInputStreamToFile(is, new File(fileName));

Please help to resolve above issue.