3

I am trying to read a file stored in the filesystem in Java using the code below.

```java
import java.io.File;
import java.nio.file.Files;

// Read the whole file into memory.
byte[] readAllBytes = null;
File templateFile = new File("/myfolder/abc.png");
readAllBytes = Files.readAllBytes(templateFile.toPath());
```

While scanning this code in the Checkmarx tool, the tool raises an issue of "Incorrect Permission Assignment For Critical Resources". I have referred here about this issue and understand that it is about creating a file with the correct permissions so that it is not misused. But here, I am not creating a file; I am reading a file. In this case, how will I resolve this issue in Checkmarx?

Erdnase

1 Answer

0
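```java
import java.io.File;
import java.io.FileWriter;

// Create the temp file and set explicit permissions before writing to it.
File tempFile = File.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX, new File(TEMP_FOLDER));
tempFile.setExecutable(false);
tempFile.setReadable(true);   // single-argument form applies to the owner only
tempFile.setWritable(true);   // single-argument form applies to the owner only
try (FileWriter fw = new FileWriter(tempFile)) {  // try-with-resources flushes and closes the writer
    fw.write(CONTENT);
}
```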

This should help. Post that, you can raise a mitigation request with the security team.
Samit
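The permission concern named in the finding, shown for both cases discussed above (creating a file and reading one), as an added example that is not code from the question or the answer: the temp file gets owner-only permissions at creation time, and an existing file is read only if nobody but the owner can write to it. The class name, method names and sample directory are assumptions, and the code assumes a POSIX filesystem (`getPosixFilePermissions` throws `UnsupportedOperationException` elsewhere).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

public class OwnerOnlyFileDemo {  // hypothetical class name
    // Permission bits that let anyone other than the owner modify the file.
    private static final Set<PosixFilePermission> UNSAFE =
            EnumSet.of(PosixFilePermission.GROUP_WRITE, PosixFilePermission.OTHERS_WRITE);

    // Create a temp file that is rw------- from the moment it exists, so there is
    // no window between creation and a later setReadable/setWritable call.
    static Path createOwnerOnlyTemp(Path dir) throws IOException {
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        return Files.createTempFile(dir, "demo-", ".tmp", attr);
    }

    // Read a file only if it is a regular file and not group- or world-writable.
    static byte[] readIfNotWritableByOthers(Path file) throws IOException {
        if (!Files.isRegularFile(file)) throw new IOException("not a regular file: " + file);
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        for (PosixFilePermission p : UNSAFE) {
            if (perms.contains(p)) throw new SecurityException(file + " is " + p);
        }
        return Files.readAllBytes(file);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("perm-demo");  // constructed sample location
        Path tmp = createOwnerOnlyTemp(dir);
        Files.write(tmp, "sample content".getBytes(StandardCharsets.UTF_8));
        System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(tmp)));
        System.out.println(readIfNotWritableByOthers(tmp).length + " bytes read");

        // Loosen the permissions to show the check rejecting the file.
        Files.setPosixFilePermissions(tmp, PosixFilePermissions.fromString("rw-rw-rw-"));
        try {
            readIfNotWritableByOthers(tmp);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```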