So when testing a basic java webapp i am making, upon testing for bugs, there is a problem that is returned. On line 28(code is String file = request.getparameter), there is a error called "relative path traversal" and on line 30(2 lines down from request) the error is called "path traversal in" (these errors are to do with security, not functionality).
I am sort of confused as to why it is not secure, but i do know how it isn't secure. An attacker could mess around with the url to get to other files in a directory that they should not be able to get into, and do bad things.
public class FileDownload extends HttpServlet {
private String DOWNLOAD_PATH = new File(".").getCanonicalPath() + "/webapps/webapp/app/download";
public FileDownload() throws IOException {
}
public void init() throws ServletException {
}
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
String file = request.getParameter("file");
File downloadPath = DOWNLOAD_PATH + "/" + file;
File downloadFile = new File(downloadPath, Filenameutils.getName(file));
if (downloadFile.exists()) {
response.setContentType("application/octet-stream");
response.setHeader("Content-disposition", "attachment; filename="+ downloadFile.getName());
FileInputStream fis = new FileInputStream(downloadFile);
byte[] data = new byte[(int) downloadFile.length()];
fis.read(data);
fis.close();
OutputStream out = response.getOutputStream();
out.write(data);
out.flush();
}
else
response.sendError(404);
}
I need to make it secure, but I am not sure how after searching online about the vulnerabilities. Does anyone have experience in these sorts of file problems?
What I have tried:
I have tried changing the file name extensions etc, but to no avail. Could someone suggest what the problem is and how to remove the security bugs?
Thanks in advance :D