in workshop/workshop-java-repo-vulnerable/src/main/java/com/shipmentEvents/handlers/EventHandler.java [185:207]
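/**
 * Opens an output file selected by the {@code thePath} cookie and prints its file descriptor.
 *
 * <p>The cookie value is controlled by the client. Earlier code appended {@code ".txt"} to it
 * and passed the result straight to {@code java.io.FileOutputStream}, which creates or
 * truncates the named file. A value containing {@code ../} segments or an absolute path could
 * therefore reach any file the process may write (path traversal, CWE-22). The Base64
 * encode/decode round trip in that code did not change the string and offered no protection.
 *
 * <p>This version uses the cookie only to choose between fixed paths. The string handed to
 * the file API is always one of the constants below, never text taken from the request. The
 * stream is also closed now; it was previously leaked.
 *
 * @param request the incoming request whose cookies are inspected
 * @throws IOException if the cookie value cannot be decoded or the selected file cannot be
 *     opened
 */
public void pathTraversal1(HttpServletRequest request) throws IOException {
    // Allow-list of files this handler may open.
    // NOTE(review): the original declared these constants but never used them; treating them
    // as the intended allow-list (with file3 as the fallback) is an assumption. Confirm.
    final String VALID_PATH1 = "./test/file1.txt";
    final String VALID_PATH2 = "./test/file2.txt";
    final String DEFAULT_VALID_PATH = "./test/file3.txt";

    javax.servlet.http.Cookie[] theCookies = request.getCookies();
    String path = "";
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            // Constant-first comparison stays safe if a cookie name is ever null.
            if ("thePath".equals(theCookie.getName())) {
                path = decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    // No cookie, or an empty value: nothing to open, as before.
    if (path.equals("")) {
        return;
    }

    // Map the untrusted value onto a known-good constant. Comparing the whole string (no
    // prefix or substring checks) means encoded separators, "../" runs and absolute paths
    // cannot match and all fall through to the default.
    String requested = path + ".txt";
    String fileName;
    if (VALID_PATH1.equals(requested)) {
        fileName = VALID_PATH1;
    } else if (VALID_PATH2.equals(requested)) {
        fileName = VALID_PATH2;
    } else {
        // Unrecognised value: worth recording with the application's logger so probing
        // attempts are visible to monitoring.
        fileName = DEFAULT_VALID_PATH;
    }

    // try-with-resources releases the descriptor even if getFD() throws.
    try (java.io.FileOutputStream fileOutputStream = new java.io.FileOutputStream(fileName)) {
        java.io.FileDescriptor fd = fileOutputStream.getFD();
        System.out.println(fd.toString());
    }
}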