Skip to content

Commit

Permalink
Update FileSystem.java
Browse files Browse the repository at this point in the history
  • Loading branch information
@SlaVcE14
SlaVcE14 committed Oct 23, 2023
1 parent 434ef6f commit b80e57a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions app/src/main/java/com/sjapps/jsonlist/FileSystem.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ public static String LoadDataFromFile(MainActivity mainActivity, Uri uri) {

if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
String path = uri.getPath();
if (path.contains("../"))
throw new SecurityException();
Path normalized = java.nio.file.FileSystems.getDefault().getPath(path).normalize();

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
if (normalized.startsWith("/data"))
throw new SecurityException();
Expand Down

0 comments on commit b80e57a

Please sign in to comment.