# Null Byte Injection

- ID: python-null-byte-injection
- Severity: HIGH
- CWE: CWE-626 (CWE-626)
- Languages: Python

## Description

Detects file operations that may be vulnerable to null byte injection.

## Remediation

Remove null bytes and use secure_filename() for user-provided filenames.

```python
from werkzeug.utils import secure_filename
safe_name = secure_filename(filename.replace('\x00', ''))
```

Learn more: https://shoulder.dev/learn/python/cwe-626/null-byte-injection

## Documentation

[object Object]