Page History

...

Using path names from untrusted sources without first canonicalizing them and then validating them can result in directory traversal and path equivalence vulnerabilities.

Recommendation Rule	Severity	Likelihood	Remediation Cost	Priority	Level
IDS02-J	medium	unlikely	medium	P4	L3

...

The CERT C Secure Coding Standard	FIO02-C. Canonicalize path names originating from untrusted sources
The CERT C++ Secure Coding Standard	FIO02-CPP. Canonicalize path names originating from untrusted sources
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6cd585883cdce9be-ca744487-4c944981-8f7dbf8f-ed50bbfc9784a540d5bb5361"><ac:plain-text-body><![CDATA[	[ISO/IEC TR 24772:2010	http://www.aitcnet.org/isai/]	"Path Traversal [EWR]"	]]></ac:plain-text-body></ac:structured-macro>
MITRE CWE	CWE-171, "Cleansing, Canonicalization, and Comparison Errors"
	CWE-647, "Use of Non-Canonical URL Paths for Authorization Decisions"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c7d4d38bb9c22dc7-7042827c-4f3d4f23-b4b19073-2432d31c2abf2f80c9f15a3d"><ac:plain-text-body><![CDATA[	[[API 2006	AA. Bibliography#API 06]]	[method getCanonicalPath()	http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()]	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fb6693c24706bc41-cccce5f6-4c764190-a72db715-80d07ef191bb9d9dfe7078b0"><ac:plain-text-body><![CDATA[	[[Harold 1999	AA. Bibliography#Harold 99]]		]]></ac:plain-text-body></ac:structured-macro>

...

Space shortcuts

Page tree

Versions Compared

Old Version 99

New Version 100

Key