...
Using path names from untrusted sources without first canonicalizing them and then validating them can result in directory traversal and path equivalence vulnerabilities.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
FIO16-J | Medium | Unlikely | No | NoMedium | P4P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| Coverity | 7.5 | BAD_EQ | Implemented | ||||||
| Fortify | 1.0 | Path_Manipulation | Implemented | ||||||
| Parasoft Jtest |
| CERT.FIO16.CDBV | Canonicalize data before validation |
...