diff --git a/pom.xml b/pom.xml
index 15851ec3..21b0517e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -146,6 +146,7 @@
1.4.5
1.5.2
+ 1.1.3
@@ -248,6 +249,11 @@
jruby
9.3.6.0
+
+ io.github.pixee
+ java-security-toolkit
+ ${versions.java-security-toolkit}
+
@@ -393,6 +399,10 @@
rest-assured
test
+
+ io.github.pixee
+ java-security-toolkit
+
diff --git a/src/main/java/org/owasp/webgoat/webwolf/FileServer.java b/src/main/java/org/owasp/webgoat/webwolf/FileServer.java
index e3d6f24f..5203da17 100644
--- a/src/main/java/org/owasp/webgoat/webwolf/FileServer.java
+++ b/src/main/java/org/owasp/webgoat/webwolf/FileServer.java
@@ -22,6 +22,7 @@
package org.owasp.webgoat.webwolf;
+import io.github.pixee.security.Filenames;
import static org.springframework.http.MediaType.ALL_VALUE;
import java.io.File;
@@ -79,8 +80,8 @@ public ModelAndView importFile(@RequestParam("file") MultipartFile myFile) throw
var user = (WebGoatUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
var destinationDir = new File(fileLocation, user.getUsername());
destinationDir.mkdirs();
- myFile.transferTo(new File(destinationDir, myFile.getOriginalFilename()));
- log.debug("File saved to {}", new File(destinationDir, myFile.getOriginalFilename()));
+ myFile.transferTo(new File(destinationDir, Filenames.toSimpleFileName(myFile.getOriginalFilename())));
+ log.debug("File saved to {}", new File(destinationDir, Filenames.toSimpleFileName(myFile.getOriginalFilename())));
return new ModelAndView(
new RedirectView("files", true),
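Review bot: The sanitised name is derived twice, once for `transferTo` and again for the `log.debug` argument, so the write target and the logged path are built independently; building it once keeps them identical: `var target = new File(destinationDir, Filenames.toSimpleFileName(myFile.getOriginalFilename()));` followed by `myFile.transferTo(target);` and `log.debug("File saved to {}", target);`. `getOriginalFilename()` can return null, and nothing visible here rejects a null, empty or `..` result, so it is worth confirming how `toSimpleFileName` treats those, or guarding with a check that `target.getCanonicalFile().getParentFile()` equals the canonical `destinationDir` before writing. The context line `new File(fileLocation, user.getUsername())` uses the username as a path component with no comparable sanitising in this hunk; presumably it is constrained at registration, but that is not visible here. The body of `importFile` starts and ends outside the hunk.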
@@ -135,7 +136,9 @@ public void print2() {
public static class EncryptionExample {
public byte[] encrypt(String text) throws Exception {
- int a, b, c;
+ int a;
+ int b;
+ int c;
a = 2;
b = 1;