From ba3030cb63bb86b6bb13342664e0e319f2fee374 Mon Sep 17 00:00:00 2001
From: Anna Karyakina
Date: Fri, 11 Jun 2021 14:31:42 -0700
Subject: [PATCH] Statistics file name sanitizing

---
 src/main/java/com/fortify/plugin/jenkins/FPRSummary.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java b/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
index 0d63bd7..8ae0131 100644
--- a/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
+++ b/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
@@ -25,6 +25,7 @@
 import com.thoughtworks.xstream.XStream;
 
 import hudson.FilePath;
+import hudson.Util;
 import hudson.XmlFile;
 import hudson.util.XStream2;
 
@@ -53,7 +54,9 @@ private String buildFilename(String appName, String appVersion) {
 filename += "-" + appVersion;
 }
 filename += FILE_EXTENSION;
- return filename;
+ //both appName and appVersion come from user input, so we must sanitize
+ String sanitizedFilename = Util.rawEncode(filename);
+ return sanitizedFilename;
 }
 
 public void load(File parent, String appName, String appVersion) throws IOException {
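Review bot: `Util.rawEncode` is Jenkins' encoder for a single URL path component, so in `buildFilename` the filesystem safety of the returned name rests on a URL-oriented escape set also covering path separators. I would state that reliance in the comment, e.g. `// appName/appVersion are user-controlled: percent-encode so the name cannot carry path separators`. I would also add a containment check at the point where the `File` is built from `parent` (outside this hunk), verifying that the resolved file's parent is still `parent`. If `load` builds its name through this same method, as seems likely, statistics files written before this change under an app name or version containing a space or another encoded character would no longer be found, so it is worth confirming whether a one-time migration is needed. The start of `buildFilename` is outside the hunk, so how `filename` is initialised is not visible here. The temporary variable can go: `return Util.rawEncode(filename);`.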