[jira] [Created] (MWRAPPER-51) Improve MavenWrapperDownloader.java using Java Path API (NIO.2)

Jira Thu, 13 Jan 2022 09:30:05 -0800

Jorge Solórzano created MWRAPPER-51:
---------------------------------------


             Summary: Improve MavenWrapperDownloader.java using Java Path API 
(NIO.2)
                 Key: MWRAPPER-51
                 URL: https://issues.apache.org/jira/browse/MWRAPPER-51
             Project: Maven Wrapper
          Issue Type: Improvement
          Components: Maven Wrapper Scripts
    Affects Versions: 3.1.0
            Reporter: Jorge Solórzano


MavenWrapperDownloader.java could be improved by using the Java Path API 
(NIO.2) available since Java 7 and also include some checks in paths.

Also, Snyk reports a potential vulnerability of Unsanitized input from a 
command-line argument flows into java.io.File* where it is used as a path. This 
may result in a Path Traversal vulnerability and allow an attacker to 
read/write arbitrary files.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (MWRAPPER-51) Improve MavenWrapperDownloader.java using Java Path API (NIO.2)

Reply via email to