Vulnerability Change this code to not construct the path from user-controlled data

I changed the code based on SonarQube suggestion. but still showing vulnerability. someone please help us.

byte[] blobData = blob.Buffer;
				strTempPath = strTempPath + @"\jpeg";                
                string strNewFilePath = string.Empty;
                strNewFilePath = Path.GetFullPath(System.IO.Path.Combine(strTempPath, savedFilePath.Substring(savedFilePath.LastIndexOf(@"\") + 1)));
                string fullDestDirPath = Path.GetFullPath(strTempPath + Path.DirectorySeparatorChar);                
                if (strNewFilePath.StartsWith(fullDestDirPath, StringComparison.Ordinal)) {
                    blobData = File.ReadAllBytes(strNewFilePath);
                } else
                {
                    throw new IOException("Attempting to read bytes");
                }

Hey there.

What version of SonarQube are you using?

Hi,

kindly find below SonarQube version details.

  • Enterprise Edition
  • Version 8.9.7 (build 52159)

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.9.7 → 9.9.2 → 10.2.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your issue persists after upgrade, please come back to us.