...
Tool | Version | Checker | Description
---|---|---|---
CodeSonar | | IO.TAINT.FNAME; BADFUNC.PATH.* | Tainted Filename. A collection of checks that report uses of library functions that require securely-specified path parameters.
Compass/ROSE | | | Could catch violations of this rule by enforcing that any call to
Klocwork | | |
LDRA tool suite | | 85 D | Partially implemented
Polyspace Bug Finder | | Vulnerable path manipulation; CERT C: Rec. FIO02-C | Checks for vulnerable path manipulation (rec. partially covered) Path argument with

Related Vulnerabilities
CVE-2009-1760 results from a violation of this recommendation. Until version 0.4.13, libtorrent attempts to rule out unsafe file paths by checking only against the ".." string. An attacker can exploit this to access any file on the system by using more complex relative paths [xorl 2009].
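
The gap described above, as an added example (not libtorrent's code and not part of the original page): a filter that only compares the name against ".." beside a check that canonicalizes with POSIX `realpath()` before deciding. The function names, the `/tmp` base directory and the sample names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700   /* expose realpath() under strict -std modes */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak filter (illustrative, not libtorrent's code): rejects a name only
 * when it is exactly "..". Returns 1 if the name is accepted. */
int weak_accepts(const char *name) {
    return strcmp(name, "..") != 0;
}

/* Canonicalize base/name with realpath() and accept only if the result is
 * the base directory itself or lies beneath it. Returns 1 if accepted.
 * Fails closed: a path that cannot be resolved is rejected. */
int canonical_accepts(const char *base, const char *name) {
    char joined[PATH_MAX], cbase[PATH_MAX], cpath[PATH_MAX];
    int n = snprintf(joined, sizeof joined, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= sizeof joined) return 0;   /* truncated */
    if (!realpath(base, cbase) || !realpath(joined, cpath)) return 0;
    size_t blen = strlen(cbase);
    if (blen == 1) return 1;          /* base is "/": everything is inside */
    /* The prefix match must end on a component boundary, so that
     * "/srv/data" does not match "/srv/database". */
    return strncmp(cbase, cpath, blen) == 0 &&
           (cpath[blen] == '/' || cpath[blen] == '\0');
}

int main(void) {
    /* Constructed inputs, resolved against the assumed base "/tmp". */
    const char *names[] = { ".", "..", "./..", "./../." };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s weak=%d canonical=%d\n", names[i],
               weak_accepts(names[i]), canonical_accepts("/tmp", names[i]));
    return 0;
}
```

Because `realpath()` requires the path to exist, this form suits opening existing files; for a file that is about to be created, canonicalize the parent directory and validate the final component separately.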
...