We had a Coverity scan performed on our code, and it found an issue related to "Filesystem path, filename, or URI manipulation", which is a high-impact security issue.
This is the code we had at first:

```csharp
var xxxFilesPath = configuration["FileSection:Path"];
qualifiedFileName = xxxFilesPath + input.FileName;
```

As per our research and understanding, we have changed the code as below to resolve the issue:

```csharp
DirectoryInfo xxxFilesPath = new DirectoryInfo(configuration["FileSection:Path"]);
FileInfo[] files = xxxFilesPath.GetFiles(input.FileName);
input.FileName = files.FirstOrDefault().FullName;
```

But after running the scan again, it is still showing the same errors (not resolved).
Technology details:
- .NET Core 3.1
- C#
I'm not sure if I'm working on the correct area; in that case, the reason for the issue would be very helpful.
Could anyone let me know what the correct step should be, and why?
Thanks in advance...
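
An added example, not part of the original post: both snippets above hand `input.FileName` to a filesystem API without constraining it, which is the pattern a path-manipulation finding describes. The sketch below shows one common mitigation: accept only a bare file name, canonicalise the combined path, and verify it stays under the configured base directory. `SafePathDemo` and `ResolveUnderBase` are hypothetical names, the inputs are constructed, and whether a given scanner recognises this check as a sanitiser is not something the post establishes.

```csharp
using System;
using System.IO;

public static class SafePathDemo
{
    // Hypothetical helper (not from the post): resolves a user-supplied file
    // name against a fixed base directory and rejects anything outside it.
    public static string ResolveUnderBase(string baseDirectory, string userFileName)
    {
        if (string.IsNullOrWhiteSpace(userFileName))
            throw new ArgumentException("File name is required.", nameof(userFileName));

        // Accept a bare file name only: no directory components, no rooted paths.
        if (userFileName != Path.GetFileName(userFileName) ||
            userFileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("File name must not contain path segments.", nameof(userFileName));

        // Canonicalise the base and end it with a separator so that
        // "C:\data\files-old" cannot pass as a child of "C:\data\files".
        string root = Path.GetFullPath(baseDirectory);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;

        // Canonicalise the combined path (collapses "." and "..") and confirm
        // that the result is still inside the base directory.
        string candidate = Path.GetFullPath(Path.Combine(root, userFileName));
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Resolved path escapes the base directory.");

        return candidate;
    }

    public static void Main()
    {
        // Constructed inputs; baseDir stands in for configuration["FileSection:Path"].
        string baseDir = Path.Combine(Path.GetTempPath(), "xxxFiles");
        foreach (string name in new[] { "report.txt", "../other.txt", "..", "/tmp/other.txt" })
        {
            try { Console.WriteLine($"{name} -> {ResolveUnderBase(baseDir, name)}"); }
            catch (Exception ex) when (ex is ArgumentException || ex is UnauthorizedAccessException)
            { Console.WriteLine($"{name} -> rejected: {ex.Message}"); }
        }
    }
}
```

The containment check runs on the canonical path rather than the raw string, so inputs such as `..` that pass the bare-name test are still rejected once resolved.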