Wiki Markup java.io.File}}:
A path name, whether abstract or in string form, may be either absolute or relative. An absolute path name is complete in that no other information is required to locate the file that it denotes. A relative path name, in contrast, must be interpreted in terms of information taken from some other path name.
...
FIO02-C. Canonicalize path names originating from untrusted sources | |||
FIO02-CPP. Canonicalize path names originating from untrusted sources | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7cebc75c-9b02-4e95-b269-f5cd603dc0f9"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010http://www.aitcnet.org/isai/] | Path Traversal [EWR] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-171. Cleansing, canonicalization, and comparison errors | |||
| CWE-647. Use of non-canonical URL paths for authorization decisions |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="681abf6c-6cd0-41de-9ecc-c655bcfa988e"><ac:plain-text-body><![CDATA[ | [ [API 2006AA. References#API 06]] | http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()] | ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dee17f3a-fbbd-483b-9446-aa8b8a99768a"><ac:plain-text-body><![CDATA[ | |
[ [Harold 1999AA. References#Harold 99] ] | ]]></ac:plain-text-body></ac:structured-macro> |
...