...
During this time the canonical path name may have been modified and may no longer be referencing a valid file.
The canonical path name can be used to determine if the referenced file name is in a secure directory (see FIO00-J. Do not operate on files in shared directories). If the referenced file is in a secure directory, then by definition, an attacker cannot tamper with it and cannot exploit the race condition.
...
FIO02-C. Canonicalize path names originating from untrusted sources | ||||
FIO02-CPP. Canonicalize path names originating from untrusted sources | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="77f1bdcb4643e1d3-8efba927-4fda4157-874ea54d-2bc138464afb5e8a4a48fe34"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Path Traversal [EWR]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-171, "Cleansing, Canonicalization, and Comparison Errors" | ||||
| CWE-647, "Use of Non-Canonical URL Paths for Authorization Decisions" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e7b9c149c21fc089-65aaf6ae-4de84a5d-8cd8b194-8e0fcf0137442eaa5aa83ad3"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method getCanonicalPath() | http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a8a6fcad90bff0fb-9fd90878-4df94310-8da2a6ed-51622fd441289d024f2c48ee"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...