According to the Java API [API 2006], class `java.io.File`:
A pathname, whether abstract or in string form, may be either absolute or relative. An absolute pathname is complete in that no other information is required to locate the file that it denotes. A relative pathname, in contrast, must be interpreted in terms of information taken from some other pathname.
...
Using path names from untrusted sources without canonicalizing the filenames before validating them can result in directory traversal attacks.
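
The following is an added example, not code from the original guideline, contrasting validation of the raw pathname with validation after `File.getCanonicalFile()`. The class name, method names, and the temporary directory layout are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class CanonicalizeBeforeValidate {

    // Weak: validates the raw string, so "../secret.txt" appended to the
    // base directory still passes the prefix test.
    static boolean naiveIsInside(File baseDir, String userPath) {
        File f = new File(baseDir, userPath);
        return f.getPath().startsWith(baseDir.getPath());
    }

    // Corrected: resolve "..", "." and symbolic links first, then compare
    // whole path components (Path.startsWith), not string prefixes.
    static boolean canonicalIsInside(File baseDir, String userPath) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, userPath).getCanonicalFile();
        return target.toPath().startsWith(base.toPath());
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/img is the permitted directory (assumption).
        File root = Files.createTempDirectory("fio04j").toFile();
        File base = new File(root, "img");
        File sibling = new File(root, "img-private");
        base.mkdir();
        sibling.mkdir();

        // Constructed sample inputs standing in for untrusted pathnames.
        String[] inputs = {
            "logo.png",                 // inside the permitted directory
            "./thumbs/../logo.png",     // inside, non-canonical spelling
            "../secret.txt",            // resolves outside the permitted directory
            "../img-private/key.pem"    // sibling whose name shares the string prefix
        };
        for (String in : inputs) {
            System.out.printf("%-26s naive=%-5b canonical=%b%n",
                in, naiveIsInside(base, in), canonicalIsInside(base, in));
        }
    }
}
```

The naive check accepts all four inputs, while the canonicalized check accepts only the first two.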
Rule Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO04-J | medium | unlikely | medium | P4 | L3 |
...