...
This noncompliant code example accepts a tainted path or file name as an argument. An attacker can access a protected file by supplying its pathname path name as an argument to this method.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6143916bf2ad3e9c-6b4904c0-45d14bf6-bd68be31-e6f83fe3b4d5d3d036ca7c3c"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method doPrivileged() | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cd1cc12c3483c87e-4db441d1-41ea46c6-b7a098a8-1c2a0255880dc3e5a7749ac1"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | Sections 6.4, "AccessController" | ]]></ac:plain-text-body></ac:structured-macro> | |
| 9.5 "Privileged Code" | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="549630319e2b1d0a-d3b50e27-49074e7e-b4dabcd3-bf104665409855deb0926473"><ac:plain-text-body><![CDATA[ | [[Jovanovic 2006 | AA. Bibliography#Jovanovic 06]] | "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities" | ]]></ac:plain-text-body></ac:structured-macro> |
...