nyx/tests/fixtures/realistic/path_traversal/PathTraversal.java

// Phase 13 path-traversal positive (Java).  Servlet reads
// `req.getParameter("name")` (Source) and feeds it through `Paths.get`
// into `Files.readAllBytes` (new FILE_IO sink rule in
// `src/labels/java.rs`).  `Paths.get` is a forwarder; default arg→return
// propagation smears the tainted `name` into the constructed Path, and
// the path arg of `Files.readAllBytes` carries the FILE_IO sink payload.
package handlers;

import java.nio.file.Files;
import java.nio.file.Paths;
import javax.servlet.http.HttpServletRequest;

public class PathTraversal {
    public byte[] handle(HttpServletRequest req) throws Exception {
        String name = req.getParameter("name");
        return Files.readAllBytes(Paths.get("/var/data", name));
    }
}
Critical bug fixes and recall improvements (#68) 2026-05-11 12:42:39 -04:00			`// Phase 13 path-traversal positive (Java). Servlet reads`
			// `req.getParameter("name")` (Source) and feeds it through `Paths.get`
			// into `Files.readAllBytes` (new FILE_IO sink rule in
			// `src/labels/java.rs`). `Paths.get` is a forwarder; default arg→return
			// propagation smears the tainted `name` into the constructed Path, and
			// the path arg of `Files.readAllBytes` carries the FILE_IO sink payload.
			`package handlers;`

			`import java.nio.file.Files;`
			`import java.nio.file.Paths;`
			`import javax.servlet.http.HttpServletRequest;`

			`public class PathTraversal {`
			`public byte[] handle(HttpServletRequest req) throws Exception {`
			`String name = req.getParameter("name");`
			`return Files.readAllBytes(Paths.get("/var/data", name));`
			`}`
			`}`