SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 6

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
public static void main(String[] args) {

  try {	
    File f = new File("/tmp/" + args[1]);
    String canonicalPath = f.getCanonicalPath();
  }
  catch(IOException ie) {}
}

Risk Assessment

TODOUsing path names from untrusted sources without first canonicalizing the filenames involved may seriously compromise the security of a Java application.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO01-J

?? high ??

probable

?? high

P??

L??

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Harold 99|AA. Java References#Harold 99]\]
Java I/O, by Elliotte Rusty Harold