In a piece of code, a path is being fetched at run time. The path is stored in a .txt file and is fetched from that file at run time. SonarQube is giving the error below (screenshot attached):
This api (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path; reads a file whose location might be specified by user input
We have made a number of attempts to resolve it, but SonarQube is not accepting them. The SonarQube version is 9.9.1 (build 69595).
Sonar also provides information on why this is an issue, the vulnerable code, and the solution, but the provided solution is also not helping, as shown in the screenshot below.
Note: could anyone please help in fixing the issue? We cannot hardcode the path, and we cannot bypass it using @SuppressWarnings.
We have tried to hardcode the path mentioned in the .txt file. We have also tried whatever is mentioned on the internet and in other similar questions asked on Stack Overflow, but SonarQube does not allow it and still reports it as a vulnerability.
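
Added example, not part of the original question and not SonarQube's own remediation code: the rule quoted above concerns an externally supplied string reaching `Paths.get` unchecked, so this Java example confines a path read from a text file to one allowed base directory before it is used. The class name `ConfiguredPathResolver`, the base directory and the file names are assumptions, and the sample files are constructed in a temp directory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper: confines externally supplied paths to one base directory.
public class ConfiguredPathResolver {
    private final Path baseDir;

    public ConfiguredPathResolver(Path baseDir) throws IOException {
        // Canonical form of the allowed root (symlinks resolved once, up front).
        this.baseDir = baseDir.toRealPath();
    }

    public Path resolve(String untrusted) throws IOException {
        if (untrusted == null || untrusted.isEmpty() || untrusted.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed path");
        }
        // normalize() collapses "." and ".."; an absolute input replaces baseDir
        // entirely, so the startsWith check rejects it as well.
        Path candidate = baseDir.resolve(untrusted).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory");
        }
        // Resolve symlinks and check again, so a link inside baseDir cannot point outside.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: an allowed directory, one file in it, and a
        // text file holding the path, as in the setup the question describes.
        Path base = Files.createTempDirectory("allowed");
        Files.write(base.resolve("report.csv"), "a,b\n".getBytes(StandardCharsets.UTF_8));
        Path pathFile = Files.createTempFile("path", ".txt");
        Files.write(pathFile, "report.csv\n".getBytes(StandardCharsets.UTF_8));

        ConfiguredPathResolver resolver = new ConfiguredPathResolver(base);
        String fromFile = new String(Files.readAllBytes(pathFile), StandardCharsets.UTF_8).trim();
        System.out.println("accepted: " + resolver.resolve(fromFile));
        try {
            resolver.resolve("../" + pathFile.getFileName());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Whether a given analyzer stops flagging the call after such a check depends on its rule implementation; the containment check is what bounds the file access at run time.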