Path traversal High

Creating file paths from untrusted input could allow a malicious actor to access arbitrary files on a disk by manipulating the file name in the path.

Detector ID
kotlin/path-traversal@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

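import java.io.File

// Noncompliant: Using untrusted inputs to access a file path
fun noncompliant() {
    print("Enter your filename:")
    // readLine() returns null at end of input; stop instead of passing null to File()
    val filename = readLine() ?: return

    // The user-controlled name is used as a path without any validation
    val file = File(filename)
    val lines = file.readLines()
    for (line in lines) {
        println(line)
    }
}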

Compliant example

import java.io.File

// Compliant: Using safe input to access a file path
// filename is supplied by the caller and is not read from user input here
fun compliant(filename: String) {
    val file = File(filename)
    val lines = file.readLines()
    for (line in lines) {
        println(line)
    }
}
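
When the file name does have to come from untrusted input, the usual mitigation is to resolve it against a fixed base directory and reject anything that lands outside it. The following is an added example, not part of the detector's own documentation; `resolveInside`, the temporary `reports` directory and the sample names are assumptions made for illustration.

```kotlin
import java.io.IOException
import java.nio.file.Files
import java.nio.file.Path

// Hypothetical helper: returns the real path of untrustedName inside baseDir,
// or null when the name is malformed, missing, or resolves outside baseDir.
fun resolveInside(baseDir: Path, untrustedName: String): Path? {
    if (untrustedName.isEmpty() || untrustedName.contains('\u0000')) return null
    return try {
        val base = baseDir.toRealPath() // canonical base directory, symlinks resolved
        // resolve() returns the argument unchanged when it is absolute;
        // normalize() collapses "." and ".." elements.
        val candidate = base.resolve(untrustedName).normalize()
        // Path.startsWith compares whole path elements, so a sibling such as
        // "reports-old" does not pass as being inside "reports".
        if (!candidate.startsWith(base)) return null
        // Resolve symlinks on the target and check containment again.
        val real = candidate.toRealPath()
        if (real.startsWith(base) && Files.isRegularFile(real)) real else null
    } catch (e: IOException) {
        null // the file does not exist or cannot be accessed
    }
}

fun main() {
    // Constructed sample data: one file inside a temporary base directory.
    val base = Files.createTempDirectory("reports")
    base.resolve("q1.txt").toFile().writeText("quarterly report\n")

    // Constructed inputs: one valid name and three that leave the base directory.
    val names = listOf("q1.txt", "../q1.txt", "sub/../../outside.txt", "/tmp/outside.txt")
    for (name in names) {
        val path = resolveInside(base, name)
        if (path == null) {
            println("rejected: $name")
        } else {
            println("reading:  $name")
            Files.readAllLines(path).forEach(::println)
        }
    }
}
```

Only `q1.txt` is read; the other three names are rejected because they normalize to a path outside the base directory.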