Issues with filesystem path, filename or URI manipulation in Java

I am working with some coverage issues in my source code. Here I am using code like

    // Base directory comes from the external properties file
    filePath = properties.getProperty("DO.LIB.LOC");
    // File name is taken straight from the request (untrusted input)
    String fileName = (String) request.getParameter("read");
    filePath += "/" + fileName;
    downloadResultSet.flushFile(filePath, response,
            fileName.substring(fileName.lastIndexOf(".") + 1));


My scanned tool has an error such as "CID 38762 (# 1 of 2): Filesystem path, file name or URI manipulation (PATH_MANIPULATION) 2. sink: Build path or URI using tainted value filePath. This could allow an attacker to gain access , modify or verify the existence of critical or confidential files. The value is being used insecurely in a bytecode that cannot be mapped. "

The file path is specified in the external properties file and the file name is taken from the request.

I am using the same code in another Java file for the download, delete and load functions. How can I avoid such vulnerabilities in my code? Can anyone help me with this?
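One way to close a finding like this, as an added example (not code from the original question): validate the request parameter against a strict allow-list, resolve it against the canonical library directory, and refuse anything whose real path does not stay under that directory. The class `SafeLibraryPath`, the method `resolveWithinBase` and the allowed-extension set are assumptions made for this example; only the `DO.LIB.LOC` property and the `flushFile` call come from the question.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Set;
import java.util.regex.Pattern;

public final class SafeLibraryPath {
    // Constructed policy for this example: plain names only, no separators, no leading dot.
    private static final Pattern NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,99}");
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "csv", "txt");

    /** Resolves an untrusted name inside base; throws if it escapes or is not a permitted file. */
    public static Path resolveWithinBase(Path base, String untrustedName) throws IOException {
        if (untrustedName == null || !NAME.matcher(untrustedName).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        String ext = extensionOf(untrustedName);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("rejected extension: " + ext);
        }
        Path root = base.toRealPath();                         // canonical base, symlinks resolved
        Path real = root.resolve(untrustedName).toRealPath();  // throws if the file does not exist
        // Defence in depth: even if the name check is loosened later, the real path must stay under root
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new IllegalArgumentException("path escapes the library directory");
        }
        return real;
    }

    public static String extensionOf(String name) {
        return name.substring(name.lastIndexOf('.') + 1).toLowerCase();
    }

    // In the servlet from the question this replaces the string concatenation:
    //   Path safe = SafeLibraryPath.resolveWithinBase(Paths.get(properties.getProperty("DO.LIB.LOC")), fileName);
    //   downloadResultSet.flushFile(safe.toString(), response, SafeLibraryPath.extensionOf(fileName));

    // Stand-alone demo on a temporary directory (constructed input).
    public static void main(String[] args) throws IOException {
        Path lib = Files.createTempDirectory("lib");
        Files.writeString(lib.resolve("report.pdf"), "demo");
        System.out.println("accepted: " + resolveWithinBase(lib, "report.pdf"));
        for (String bad : new String[] {"../../etc/passwd", "..", ".htaccess", "report.jsp"}) {
            try {
                resolveWithinBase(lib, bad);
            } catch (IllegalArgumentException | IOException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```

Apply the same helper to the delete and load code paths, since a scanner will flag each sink where the request value reaches the filesystem.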
