'Sonarqube how to fix not construct the path from user-controlled data

Below piece of code is giving vulnerability issue in sonarqueb "Change this code to not construct the path from user-controlled data"

BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(file, false));

I tried below, but it is not working

if (file.exists() && file.isFile()) {
BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(file, false));
}

And

if(Files.exists(file.toPath()) && Files.isExecutable(file.toPath())) {
BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(file, false));
}

What i am missing to validate before creating new buffered stream?

sonarqubejava-11


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

SonnarQube's issue: change code to not construct the URL from user-controlled data

SonarQube 3.7 with maven and Jenkins - Maven session does not declare a top level project

android:exported needs to be explicitly specified after add SonarQube in build.gradle

Directory excluding in sonar-project.properties file doesn't work (for me)

How to disable code coverage in sonarqube since 6.2

Sonarqube authorization - how to authorize with sonar-maven-plugin when sonar.forceAuthentication is enabled

How can I get the value of inheritance class of other inheritance class in .NET Roslyn API?

SonarQube - how to deactivate inherited rule in quality profile?

SonarQube server can not be reached at http://localhost:9000 with Sonarqube-4.5.1

SonarQube: Invoke method(s) only conditionally

Sonarqube gives node.js error while running sonar-scanner

How can I reduce cyclomatic complexity for the code to be acceptable by sonar

How to configure sonar.coverage.jacoco.xmlReportPaths for JaCoCo/SonarQube?

How to Code Quality on EXCEL VBA Code in SonarQube or Alternatives?

SonarQube - how to run the code analysis again for a project after creating that project