The Java web application code returns with a route route problem. How to fix this / these security errors?

So, when testing a basic Java web application that I am doing, when testing errors, there is a problem that is returned. On line 28 (the code is String file = request.getparameter), there is an error called "relative path travel" and on line 30 (2 lines down from the request) the error is called "route path on" (These errors must be made safely, not functionality).

I am a little confused about why it is not safe, but I know how it is not safe. An attacker could waste time with the URL to access other files in a directory where he should not be able to enter and do bad things.

public class FileDownload extends HttpServlet {

    private String DOWNLOAD_PATH = new File(".").getCanonicalPath() + "/webapps/webapp/app/download";

    public FileDownload() throws IOException {
    }

    public void init() throws ServletException {
        //To Do
    }

    public void doGet(HttpServletRequest request,
                       HttpServletResponse response)
            throws ServletException, IOException
    {

        String file = request.getParameter("file");

        File downloadPath = DOWNLOAD_PATH + "/" + file;


        File downloadFile = new File(downloadPath, Filenameutils.getName(file));

        if (downloadFile.exists()) {
            response.setContentType("application/octet-stream");
            response.setHeader("Content-disposition", "attachment; filename="+ downloadFile.getName());
            FileInputStream fis = new FileInputStream(downloadFile);
            byte() data = new byte((int) downloadFile.length());
            fis.read(data);
            fis.close();

            OutputStream out = response.getOutputStream();
            out.write(data);
            out.flush();
        }
        else
            response.sendError(404);

    }

I need to make it safe, but I'm not sure how after searching online for vulnerabilities. Does anyone have experience in this kind of file problems?

What I have tried:

I tried changing the file name extensions, etc., but it was in vain. Could someone suggest what the problem is and how to eliminate security errors?

Thanks in advance

Errors – Problem from the drop-down menu only on the home page?

Gday gentlemen,

I am a newbie on the web and have been running a site for a friend for a while now. The latest version of WordPress has been running for more than 2 years without major problems.

However, I am not sure if it is due to one of the various updates over time, I recently noticed that the site menu does not work correctly; The drop-down menu items are not displayed. This problem affects only the home page and none of the other pages.

Initially, the menu was (incorrectly) aligned with the bottom of the page, which was very bad, so I used these instructions to replace it at the top:
https://blog.hubspot.com/website/sticky-menu-wordpress

This put the menu back on top successfully, but the current problem arose.

Can anyone take a look and advise please? Your help is greatly appreciated.
http://www.singaporevirtualairlines.org
WordPress 5.2.4 (self-hosted)
Impreza latest version 30 Oct 19

samba – mount -t cifs does not show any errors, but does not end up mounting the network share

This is the command I used:

sudo mount -t cifs //10.8.0.9/KeyA / media / KeyA / -o username =, password =

When executing this command, the command suspiciously takes only a small amount of time (it used to be 5 seconds or more, now it's like 1.5 seconds), and the mount point is completely empty.

So I checked / proc / mounts to see if CIFS did something, and of course it didn't even set the target. I tried to specify vers = 3.0 (minimum version of the destination server) and even tried to reduce the version to 1.0 on the destination server without any result. This command worked completely well an hour ago

Why does CIFS fail here, and why does it always break so damn?

mobile: shows form errors on a small screen. Scroll to error vs errors with the submit button

I am working to improve the visibility of errors in our form. We show the errors next to the field and highlight the tab that contains the errors. That works well on desktops with a certain resolution. But in laptops or small computers, errors are not always visible.

This screenshot below the form contains errors, but they are only visible when scrolling up.

Mobile view

mobile view


Real page

enter the description of the image here

Should I show errors next to the save / send button or move to the area / tab that needs correction?

c # – What is the best way to handle exceptions without users seeing technical support errors?

Show the user that there was an error and some indication of what type.

Now, are we talking about a web application? So it's about what you're going to show arbitrary customers. Unless you are in a test environment. It is common knowledge not to show detailed errors to users, as it could give clues about vulnerabilities that a malicious user could exploit.

The error must be recorded, of course.

However, on the desktop, let them see what kind of error, the error message, the stack tracking, the log. In fact, request permission to send this information, in addition to an email and a description of what they were doing, and have the server take the log and other error information, the email and the description, create a support ticket and send the ticket ID to the email provided by the user.

Two reasons:

  • This respects the user's privacy. If there can be sensitive information there, you need user permission.
  • A malicious user who wants to reverse engineer the desktop application will do so regardless of error messages.

[ Revcontent+RedTrack]: Native ad errors to avoid | Proxies123.com

[IMG]

Hey guys, long time no see!

All this time we have been actively following the latest market trends and we have done a meaningful guide on native ads with one of the fastest growing advertising platforms Revcontent

We have analyzed The most common and obvious mistakes made by affiliates run native advertising and talked about how to avoid them

Read our new blog post to learn

The future of native advertising and its main advantages.

popular non-obvious mistakes that affiliates make when running native ads

effectiveness of clickbait tactics

the secrets of Revcontent's viable native advertising campaigns

PS Find a good bonus inside:]

https: Tomcat 7 starts my port with SSL security without errors, but it is not yet publicly accessible. How do I debug this?

In my work I have been entrusted with the task of securing a website (http -> https)
I'm new to this, so forgive me if my terminology is incorrect.

I spent last week configuring the Tomcat key stores and configuring the Tomcat server.xml for SSL to work, and I finally got it to the point where it tells me this:

Nov 04, 2019 9:48:23 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ("http-nio-8443")
Nov 04, 2019 9:48:23 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ("ajp-bio-8009")

8009 is my http port, which works fine.
8443 is my https port. From this exit, it seems that it should also be fine.
However, when I try to connect to my website using the https URL, the timeout period expires. I cannot find any record, error or anything related to this problem.

Things I have tried:

  • Open port 8443 (and 8000) in iptables
  • Test the url / port on the server using curl -il https://my.website.name:8443what catches me
HTTP/1.1 200 OK 
Server: Apache-Coyote/1.1 ...
  • Tunneling to the Tomcat 8000 debug port using PuTTY, then debugging the local version of that port in IntelliJ. All IntelliJ tells me is "Error … Connection reestablishment".
  • Redo all of the above with several random ports

My local machine is running Windows, but the website is on a Tomcat 7 server on a Scientific Linux machine that I can only access through SSH, which further complicates matters.

What else can I watch? Is there anything I should read? A record that I should look at? Most likely, I can debug the problem myself if I vaguely knew what the problem was, but I don't know where to look.

errors: blank screen throughout the site, including wp-admin

On a MacBook I downloaded a multisite WP through SFTP using FileZilla. I have also exported copies of all required databases. I have updated all the wp-config files to match my local database configuration.

The problem I have is that I have a blank screen in the front and in the back. I can't even see the login screen at work-login.php

I have tried the following without luck:

  • coincided with my local PHP version with the live server version
  • set WP_DEBUG to true
  • WP_DEBUG_LOG added to wp-config
  • WP_DEBUG_DISPLAY added to wp-config
  • Memory limit increased from 128 to 512
  • set WP_CACHE to false

As I cannot access wp-admin, I have also tried the following without luck:

  • renamed the add-ons folder
  • deleted the theme that is being used from the themes folder

Any help would be very much appreciated

python: the REST call help function returns an empty response in timeout errors

Check my code where I want to handle timeout errors and send a scanned response.

Few problems I noticed is that sometimes the response of the POST request is not in JSON or there is an error 504 that sends the object in response.

def use_service(branch: str, relative_url: str, request_type: str = 'GET', data=None, retry=1):
    """
    :param – relative_url – the relative url to be submitted
    :param – request_type – the type of request being submitted (POST, GET, PUT, etc.)
    :param – data – the data to be submitted with the request if necessary.
    """
    logger.info(f'getting data from {relative_url}')
    url = envs.get(branch, '') + relative_url
    resp = {}

    for x in range(retry):
        try:
            if request_type == 'GET':
                logger.info(f'GET call to {url}')
                resp = requests.get(url)
            elif request_type == "POST":
                logger.info(f'POST call to {url}')
                if branch in envs.keys():
                    resp = requests.post(
                        url,
                        json=data,
                    )
                else:
                    logger.info(f'{branch} : Attempted to push data: {data}')
            if not resp.ok:
                resp.raise_for_status()
        except HTTPError as err:
            logger.exception(f'HTTP Error: {err}')
        except Timeout as err:
            logger.exception(f'Connection timed out {err}')
        except ConnectionError:
            logger.exception(f'A network problem has occured (DNS failure, refused connection)')
        except RequestException as err:
            logger.exception(f'Other error occurred: {err}')
        except Exception as err:
            logger.exception(f'Unknown Exception: {err}')
        finally:
            logger.info(resp.status_code)
            if resp.ok:
                resp = resp.json()
                logger.info(resp)
            else:
                resp = ()
    return resp

gitlab – How to report errors in Gnome, specifically gnome-disks?

I found an error in the youngest utility of gnome-disks and I just lost more than an hour of my life trying to find out how to report it.

There is a "git-lab" site for Gnome, here:

https://gitlab.gnome.org

They want you to log in before you can do something, and therein lies the problem; I tried everything I can think of and nothing works. They do not provide a "registration" procedure that I could find. … Is there ANOTHER portal to report errors?

(By the way, I even created an account with gitlab, which is a real pain due to its stupid bot that demands that you do what amounts to a human verification. – But that account only allows me to talk about gitlab, and NOT about gnome. So it doesn't work either.)