CVE-2022-x0x09
This challenge covers the review of a CVE in a Java codebase and the patch that fixes it.
In the Code Review Patch challenges, you are presented with a piece of vulnerable code and its corresponding patch. Your first task is to identify the security issue in the code on your own. This exercise sharpens your ability to detect vulnerabilities without external assistance. However, if you're unable to find the issue or wish to verify your findings, you can consult the provided patch file, which highlights the changes made to address the vulnerability.
For example, the file ManagedDefaultRepositoryContent.java contains several methods for deleting artifacts, projects, and group IDs from a repository. Each of these methods builds a filesystem path from the identifiers it is given and then deletes that directory. The patch file cve-2022-x0x09.diff introduces an additional check that validates the directory path before any deletion takes place: it resolves the canonical path of the target directory and verifies it before deleting. This prevents directory traversal, where an identifier containing sequences such as `../` would otherwise resolve to a directory outside the repository and cause its contents to be deleted.
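To make the idea behind the patch concrete, the following is an added example and not Archiva's ManagedDefaultRepositoryContent or the patched code. It is a minimal stand-in class with one delete method in the pre-patch shape (join the caller-supplied segment to the repository root and delete) and one in the post-patch shape (canonicalize the resolved path and refuse anything that is not strictly inside the root). The class name, method names and the sandbox layout built in `main` are assumptions made for the example.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Comparator;
import java.util.stream.Stream;

// Added example, not Archiva's ManagedDefaultRepositoryContent: a minimal repository-content
// class with one unchecked and one checked delete, so the patch's idea can be run locally.
public class RepositoryDeleteExample {

    private final Path repositoryRoot;

    public RepositoryDeleteExample(Path repositoryRoot) throws IOException {
        // Canonicalize the root once (resolves symlinks such as /tmp -> /private/tmp on macOS)
        // so the prefix comparison below compares like with like.
        this.repositoryRoot = repositoryRoot.toRealPath();
    }

    // Pre-patch shape: join the caller-controlled segment to the root and delete whatever it names.
    // "../outside" or an absolute path escapes the repository.
    public void deleteUnsafe(String repositoryRelativePath) throws IOException {
        Path target = repositoryRoot.resolve(repositoryRelativePath);
        deleteRecursively(target);
    }

    // Post-patch shape: canonicalize the resolved path and require it to stay strictly inside the root.
    public void deleteSafe(String repositoryRelativePath) throws IOException {
        Path target = resolveInsideRepository(repositoryRelativePath);
        deleteRecursively(target);
    }

    Path resolveInsideRepository(String repositoryRelativePath) throws IOException {
        // normalize() removes "." and ".." lexically; an absolute input replaces the root entirely
        // in resolve(), which the prefix check below also catches.
        Path candidate = repositoryRoot.resolve(repositoryRelativePath).normalize();
        // For existing paths, toRealPath() additionally follows symlinks planted inside the repository.
        Path canonical = Files.exists(candidate) ? candidate.toRealPath() : candidate;
        // Path.startsWith compares whole name elements, so /repo does not match /repo2.
        // Rejecting equality stops a caller from deleting the repository root itself.
        if (!canonical.startsWith(repositoryRoot) || canonical.equals(repositoryRoot)) {
            throw new IOException("refusing to delete '" + repositoryRelativePath
                    + "': resolves to " + canonical + ", outside or equal to " + repositoryRoot);
        }
        return canonical;
    }

    static void deleteRecursively(Path path) throws IOException {
        if (!Files.exists(path)) {
            return;
        }
        try (Stream<Path> walk = Files.walk(path)) {
            // Deepest entries first, so directories are empty by the time they are deleted.
            walk.sorted(Comparator.reverseOrder()).forEach(p -> {
                try {
                    Files.delete(p);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a sandbox holding the repository and a sibling directory an attacker
        // would like to remove via traversal. Nothing outside the sandbox is touched.
        Path sandbox = Files.createTempDirectory("traversal-demo");
        Path repo = Files.createDirectories(sandbox.resolve("repo"));
        Path outside = Files.createDirectories(sandbox.resolve("outside"));
        Files.write(outside.resolve("secret.txt"), "keep me".getBytes(StandardCharsets.UTF_8));
        Files.createDirectories(repo.resolve("org/example/app/1.0"));

        RepositoryDeleteExample content = new RepositoryDeleteExample(repo);
        String hostile = "../outside";             // constructed traversal input
        String legitimate = "org/example/app/1.0"; // a normal repository-relative path

        try {
            content.deleteSafe(hostile);
        } catch (IOException e) {
            System.out.println("deleteSafe rejected: " + e.getMessage());
        }
        System.out.println("secret.txt still present: " + Files.exists(outside.resolve("secret.txt")));

        content.deleteSafe(legitimate);
        System.out.println("legitimate path removed: " + !Files.exists(repo.resolve(legitimate)));

        content.deleteUnsafe(hostile);
        System.out.println("after deleteUnsafe, secret.txt present: " + Files.exists(outside.resolve("secret.txt")));

        deleteRecursively(sandbox);
    }
}
```

Two details matter when writing this kind of check. First, compare `Path` objects with `Path.startsWith`, not their `String` forms: a string prefix test accepts `/repo2/...` as being under `/repo`. Second, a purely lexical `normalize()` does not see through a symlink an attacker has managed to place inside the repository, which is why the canonical (`toRealPath`) form is the one that should be compared against the root for paths that already exist.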