```go
// Excerpt from the LDAP auth server example; the os.ReadFile call on
// line 119 is the one the Veracode finding below points at.
if err != nil {
	rootCAs = x509.NewCertPool()
}
for _, ca := range ldapConfig.CACertificates {
	// the CA entry from the config is resolved relative to configDir
	caPath := getConfigPath(ca, configDir)
	certs, err := os.ReadFile(caPath)
	if err != nil {
		logger.Warn(logSender, "", "error loading ca cert %q: %v", caPath, err)
		return err
	}
	if !rootCAs.AppendCertsFromPEM(certs) {
```
Filename: httpd.go
Line: 119
CWE: 73 (External Control of File Name or Path ('Directory Traversal'))
This call to os.ReadFile() contains a path manipulation flaw. The argument to the function is a filename constructed using untrusted input. If an attacker is allowed to specify all or part of the filename, it may be possible to gain unauthorized access to files on the server, including those outside the webroot, that would normally be inaccessible to end users. The level of exposure depends on the effectiveness of input validation routines, if any. The first argument to ReadFile() contains tainted data from the variable caPath. The tainted data originated from an earlier call to github.com.spf13.pflag.FlagSet.StringVarP. Validate all untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using blocklists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.
References: CWE, OWASP
sftpgo/examples/ldapauthserver/httpd/httpd.go, lines 114 to 124 in c710321