Examples of errors detected by the V5609 diagnostic
V5609. OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path.
Power-Fx
V5609 [CWE-22, OWASP-12.3.1] Possible path traversal vulnerability. Potentially tainted data from the 'pathInput' variable is used as path. EngineSchemaChecker.cs 30
public static void Check(Engine engine, string pathInput)
{
EngineSchema schema;
if (pathInput != null)
{
var json = File.ReadAllText(pathInput);
schema = JsonSerializer.Deserialize<EngineSchema>(json);
}
....
}