You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Jorge Solórzano (Jira)" <ji...@apache.org> on 2022/01/18 14:05:00 UTC

[jira] [Updated] (MWRAPPER-51) Refactor using Java Path API (NIO.2)

     [ https://issues.apache.org/jira/browse/MWRAPPER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Solórzano updated MWRAPPER-51:
------------------------------------
    Summary: Refactor using Java Path API (NIO.2)  (was: Improve MavenWrapperDownloader.java using Java Path API (NIO.2))

> Refactor using Java Path API (NIO.2)
> ------------------------------------
>
>                 Key: MWRAPPER-51
>                 URL: https://issues.apache.org/jira/browse/MWRAPPER-51
>             Project: Maven Wrapper
>          Issue Type: Improvement
>          Components: Maven Wrapper Scripts
>    Affects Versions: 3.1.0
>            Reporter: Jorge Solórzano
>            Priority: Normal
>
> MavenWrapperDownloader.java could be improved by using the Java Path API (NIO.2) available since Java 7 and also include some checks in paths.
> Also, Snyk reports a potential vulnerability of Unsanitized input from a command-line argument flows into java.io.File* where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read/write arbitrary files.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)