I have a code File file = new File(fileName) This fileName i am preapring from other details. An attacker might be able to pass in a filename starting with .. to navigate the filesystem and allow download of arbitrary files. CWE (Common weakness enumeration) 73: External Control of File Name or Path File file = new File(fileName) External Control of File Name or Path . CWE ID 73,fix Veracode flaw,solving veracode issues,External Control of File Name or Path How to validate a filename in JAVA to resolve CWE ID 73(External Control of File Name or Path) using ESAPI? Ask Question. up vote 0 down vote favorite. CWE (Common weakness enumeration) 73: External Control of File Name or Path External Control of File Name or Path (CWE ID 73)(33 flaws) Hi Team, After R & D i didn't get sloution for this.Please see below line of File file = new File(fileName) External Control of File Name or Path . CWE ID 73,fix Veracode flaw,solving veracode issues,External Control of File Name or Path If an attacker is allowed to specify all or part of the filename, it may be possible to gain unauthorized access to How to insert file name or path into cell / header or footer in Excel? ... click left, center or ringht box that you want to insert the filename or path. CWE 73: External Control of File Name or Path - DevExpress.Docs.v13.1.dll. The argument to the function is a filename constructed using user-supplied input. external_file - Allow access to "external files" from ... you must edit the external_file.control ... SET search_path="$user",public,external_file; Quick Tip: Copy both the path and the file name to the clipboard. This call contains a path manipulation flaw. The argument to the function is a filename constructed using user-supplied input. The software allows user input to control or influence paths or file names that are used in filesystem operations. Hello, We are currently using zk 5.0.7, but when we scan our application using veracode, External Control of File Name or Path vulnerabilities were found at next lines: Show examples for CWE-73: External Control of File Name or Path string fileFullName = @" G:\MailData\a\b\data.txt"; or string fileFullName = Server.MapPath(" data.txt"); // consider it is in root directory of web folder. string pathWithoutFileName = System.IO.Path.GetDirectoryName(fileFullName); it will return only path(without filename) G:\MailData\a\b or web root directory phisical path without CWE CATEGORY: SFP Secondary Cluster: Path Traversal. Category ID: 981. External Control of File Name or Path: HasMember: Base: 428: Unquoted Search Path or Element: A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. ... Externally Controlled Reference to a Resource in Another Sphere. External Control of System or ... Class: 73: External Control of File Name or Path: ParentOf: The following Java code uses input from an HTTP request to create a file name.