CodeQL flagged "Uncontrolled data used in path expression" in FilePathValidator (#884) and DirectoryPathValidator (#885).
These annotations are intended to be used to validate application configuration, e.g. a Dropwizard service that needs to know where a directory is located. The file or directory location can be anywhere on a filesystem. They are not intended to be used on domain objects that come from user input, e.g. from a web application. Obviously this usage cannot be enforced. But since we cannot really place restrictions on the directory or file paths, the best thing to do is probably just document (in the Javadoc) the risks, and the intended usage of these annotations. The associated CodeQL alerts will be dismissed as "Won't Fix" and the issues closed as "Won't Fix", and reference this issue.
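To make the distinction drawn above concrete, here is an added illustration (not code from the project, and not the FilePathValidator or DirectoryPathValidator implementation): a hypothetical configuration-style existence check whose Javadoc states the intended use, next to the containment check an application would need if it ever did accept a path fragment from untrusted input. The base directory `/var/lib/example` and the sample fragments are assumed values.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Hypothetical helper in the spirit of the validators discussed in the
 * issue; not the project's own code.
 *
 * isExistingDirectory is meant for application configuration (e.g. a
 * Dropwizard service's configured data directory). The configured value
 * may legitimately point anywhere on the filesystem, so it performs no
 * containment check. Do NOT apply it to values originating from untrusted
 * input such as HTTP request parameters: the string is used unchanged in a
 * filesystem call, which is exactly the data flow CodeQL reports as
 * "Uncontrolled data used in path expression".
 */
public final class PathValidation {

    /** Configuration-style check: the path must name an existing directory. */
    public static boolean isExistingDirectory(String configuredPath) {
        if (configuredPath == null || configuredPath.isEmpty()) {
            return false;
        }
        return Files.isDirectory(Paths.get(configuredPath));
    }

    /**
     * The check the config validators deliberately omit, for the case they
     * are not meant for: a fragment supplied by an untrusted caller. The
     * fragment is resolved against a trusted base and normalised, and is
     * accepted only if it still lies inside that base. "../" segments and
     * absolute paths that leave the base are rejected.
     */
    public static Path confineToBase(Path base, String untrustedFragment) {
        Path root = base.toAbsolutePath().normalize();
        Path candidate = root.resolve(untrustedFragment).normalize();
        if (!candidate.startsWith(root)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/lib/example");              // assumed base
        System.out.println(confineToBase(base, "reports/q1.csv")); // accepted
        try {
            confineToBase(base, "../outside.txt");                 // rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`normalize()` works on the textual path only; where symbolic links inside the base could point elsewhere, compare `toRealPath()` of an existing candidate against the real path of the base instead.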