SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 69

changes.mady.by.user vishal patel

Saved on

compared with

New Version 70

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

IDS21-J

medium

unlikely

medium

P4

L3

Related Vulnerabilities

CVE-2005-0789, CVE-2008-5518

Other Languages

This rule appears in the C Secure Coding Standard as FIO02-C. Canonicalize path names originating from untrusted sources.

This rule appears in the C++ Secure Coding Standard as FIO02-CPP. Canonicalize path names originating from untrusted sources.

Related Vulnerabilities

CVE-2005-0789

 

CVE-2008-5518

 

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9f7acea7-3fce-480a-b822-5e2fda200779"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE ID 171

http://cwe.mitre.org/data/definitions/171.html] "Cleansing, Canonicalization, and Comparison Errors"]]></ac:plain-text-body></ac:structured-macro>

 

CWE ID 647 "Use of Non-Canonical URL Paths for Authorization Decisions"

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup

...

" ac:schema-version="1" ac:macro-id="ac98d401-7af2-428d-9548-ba147184fe17"><ac:plain-text-body><![CDATA[

[[API

...

2006

...

AA.

...

Bibliography#API

...

06]

...

]

...

[method

...

getCanonicalPath()

...

http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()

...

]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dbb8bb98-0770-464b-88e1-55bebc6e776b"><ac:plain-text-body><![CDATA[

[[API

...

2006

...

AA.

...

Bibliography#API

...

06]

...

]

...

[method

...

getCanonicalFile()

...

http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalFile()

...

]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0ddba89b-3c40-4147-9680-e47f31b83f83"><ac:plain-text-body><![CDATA[

[[Harold

...

1999

...

AA.

...

Bibliography#Harold

...

99]

...

]

 

]]></ac:plain-text-body></ac:structured-macro>

...

IDS20-J. Exclude user input from format strings            IDS22-J. Limit the size of files passed to ZipInputStream