Sonar, a provider of code scanning tools, revealed this week that it has discovered a flaw in a widely used tool for generating application programming interfaces (APIs) that makes it possible for cybercriminals to both read and delete files and files stored in a write directory.