Our website uses cookies to enhance your browsing experience.
Accept
to the top
Home
>
Posts
>
Examples of errors
>
Examples of errors detected by the...

Examples of errors detected by the V5609 diagnostic

V5609. OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path.

Power-Fx

V5609 [CWE-22, OWASP-12.3.1] Possible path traversal vulnerability. Potentially tainted data from the 'pathInput' variable is used as path. EngineSchemaChecker.cs 30


public static void Check(Engine engine, string pathInput)
{
  EngineSchema schema;
  if (pathInput != null)
  {
    var json = File.ReadAllText(pathInput);
    schema = JsonSerializer.Deserialize<EngineSchema>(json);
  }
  ....
}