Path Traversal in AttachmentService.java
/**
 * Stores an uploaded file under ATTACHMENT_DIR/attachmentType/belongId and records its metadata.
 *
 * NOTE(review): attachmentType and belongId are concatenated straight into the on-disk
 * directory with no validation. A value containing a path separator or a ".." segment
 * therefore changes where FileUtils.uploadFile writes, including locations outside
 * ATTACHMENT_DIR (path traversal). Whether callers take these values from the request
 * is not visible here, but the method itself imposes no constraint on them.
 *
 * @param file           the uploaded file; its original filename is stored as the metadata name as-is
 * @param attachmentType directory segment selecting the attachment category
 * @param belongId       directory segment identifying the owning entity
 * @return the persisted metadata row, including the generated id and the upload path
 */
public FileAttachmentMetadata saveAttachment(MultipartFile file, String attachmentType, String belongId) {
    // Both caller-supplied segments flow into the path unchanged.
    String uploadPath = FileUtils.ATTACHMENT_DIR + "/" + attachmentType + "/" + belongId;
    FileUtils.uploadFile(file, uploadPath);
    final FileAttachmentMetadata fileAttachmentMetadata = new FileAttachmentMetadata();
    fileAttachmentMetadata.setId(UUID.randomUUID().toString());
    // Client-supplied filename is recorded unvalidated; whether uploadFile also uses it
    // for the on-disk name is not visible here — confirm in FileUtils.
    fileAttachmentMetadata.setName(file.getOriginalFilename());
    fileAttachmentMetadata.setType(getFileTypeWithoutEnum(fileAttachmentMetadata.getName()));
    fileAttachmentMetadata.setSize(file.getSize());
    fileAttachmentMetadata.setCreateTime(System.currentTimeMillis());
    fileAttachmentMetadata.setUpdateTime(System.currentTimeMillis());
    fileAttachmentMetadata.setCreator(SessionUtils.getUser().getName());
    fileAttachmentMetadata.setFilePath(uploadPath);
    fileAttachmentMetadataMapper.insert(fileAttachmentMetadata);
    return fileAttachmentMetadata;
}
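/**
 * Stores an uploaded file under ATTACHMENT_DIR/attachmentType/belongId and records its metadata.
 *
 * Both directory segments are caller-supplied, so each is validated as exactly one path
 * component before any filesystem access. Checking only for "/" is not enough: a bare
 * ".." segment, a backslash on Windows, or a NUL byte would still move the upload out of
 * the intended directory. When validation fails the method aborts through
 * MSException.throwException with the "invalid_parameter" message.
 *
 * @param file           the uploaded file; its original filename is stored as the metadata name as-is
 * @param attachmentType directory segment selecting the attachment category
 * @param belongId       directory segment identifying the owning entity
 * @return the persisted metadata row, including the generated id and the upload path
 */
public FileAttachmentMetadata saveAttachment(MultipartFile file, String attachmentType, String belongId) {
    if (!isSingleSafePathSegment(attachmentType) || !isSingleSafePathSegment(belongId)) {
        MSException.throwException(Translator.get("invalid_parameter"));
    }
    String uploadPath = FileUtils.ATTACHMENT_DIR + "/" + attachmentType + "/" + belongId;
    FileUtils.uploadFile(file, uploadPath);
    final FileAttachmentMetadata fileAttachmentMetadata = new FileAttachmentMetadata();
    fileAttachmentMetadata.setId(UUID.randomUUID().toString());
    // Client-supplied filename is recorded unvalidated; whether uploadFile also uses it
    // for the on-disk name is not visible here — confirm in FileUtils.
    fileAttachmentMetadata.setName(file.getOriginalFilename());
    fileAttachmentMetadata.setType(getFileTypeWithoutEnum(fileAttachmentMetadata.getName()));
    fileAttachmentMetadata.setSize(file.getSize());
    fileAttachmentMetadata.setCreateTime(System.currentTimeMillis());
    fileAttachmentMetadata.setUpdateTime(System.currentTimeMillis());
    fileAttachmentMetadata.setCreator(SessionUtils.getUser().getName());
    fileAttachmentMetadata.setFilePath(uploadPath);
    fileAttachmentMetadataMapper.insert(fileAttachmentMetadata);
    return fileAttachmentMetadata;
}

/**
 * Returns whether {@code segment} can safely stand as exactly one directory component.
 * Rejects null and empty values, the relative segments "." and "..", and any separator
 * ("/" or "\") or NUL byte, so the value cannot change the directory depth it is placed at.
 *
 * @param segment caller-supplied path component to check
 * @return {@code true} if the segment is a plain single component, {@code false} otherwise
 */
private static boolean isSingleSafePathSegment(String segment) {
    if (segment == null || segment.isEmpty()) {
        return false;
    }
    if (".".equals(segment) || "..".equals(segment)) {
        return false;
    }
    return segment.indexOf('/') < 0 && segment.indexOf('\\') < 0 && segment.indexOf('\0') < 0;
}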
How to identify similar vulnerabilities
Look closely at the functions that handle file-based operations and check whether user-controlled data is processed in any way that can affect the path of the files. A typical sign is a path built by string concatenation from request parameters, as in the listing above, without first validating each segment.