...
Canonicalizing file names makes it easier to verify an alias. More than one alias can refer to a single directory or file, and the textual representation of an alias may yield little or no information about the directory or file to which it refers. Consequently, all aliases must be fully resolved (canonicalized) before validation; otherwise untrusted user input may allow an I/O operation to escape the specified operating directory. Violation of this rule can result in information disclosure and malicious modification of files in directories other than the specified one.
This rule is an instance of IDS02-J. Normalize strings before validating them.
...
```
grant codeBase "file:/home/programpath/" {
    permission java.io.FilePermission "/tmp", "read, write";
};
```
See rule ENV02-J. Create a secure sandbox using a Security Manager for additional information on using security managers.
...
```
// All files in /img/java can be read
grant codeBase "file:/home/programpath/" {
    permission java.io.FilePermission "/img/java", "read";
};
```
See rule ENV02-J. Create a secure sandbox using a Security Manager for additional information on using security managers.
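The canonicalize-then-validate step described at the top of this page, applied to the /img/java operating directory that the policy above grants read access to, as an added example that is not code from the original page or from the CERT standard. The base directory, the file names and the `resolveInside` method are assumptions for this illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class CanonicalPathCheck {
    // Operating directory the program may read from (assumed value for this example).
    private static final Path BASE_DIR = Paths.get("/img/java");

    /**
     * Resolve an untrusted file name against BASE_DIR, canonicalize the result
     * (follows symbolic links, collapses "." and ".."), and only then check that
     * the real location still lies inside BASE_DIR. Validating the textual name
     * before canonicalization would miss aliases that point elsewhere.
     */
    public static Path resolveInside(String untrustedName) throws IOException {
        File candidate = BASE_DIR.resolve(untrustedName).toFile();
        // Canonicalize both sides so a base directory that is itself a link
        // compares correctly against the canonicalized candidate.
        Path canonicalBase = BASE_DIR.toFile().getCanonicalFile().toPath();
        Path canonical = candidate.getCanonicalFile().toPath();
        // Path.startsWith compares whole path components, so "/img/java2"
        // is not mistaken for a child of "/img/java" (String.startsWith would be).
        if (!canonical.startsWith(canonicalBase)) {
            throw new IOException("Path escapes operating directory: " + untrustedName);
        }
        return canonical;
    }

    // Read using the canonical path, not the original alias, so the name that was
    // validated is the name that is opened.
    public static byte[] readInside(String untrustedName) throws IOException {
        return Files.readAllBytes(resolveInside(untrustedName));
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name, an alias that resolves inside
        // the directory, and one that resolves outside it.
        String[] samples = { "logo.png", "sub/../logo.png", "../../etc/passwd" };
        for (String name : samples) {
            try {
                System.out.println("accepted: " + name + " -> " + resolveInside(name));
            } catch (IOException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Because the check and the subsequent open are separate operations, a link retargeted in between can still change what is read; the canonical path narrows that window but does not remove it.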
...
Other Languages
This rule appears in the C Secure Coding Standard as FIO02-C. Canonicalize path names originating from untrusted sources.
This rule appears in the C++ Secure Coding Standard as FIO02-CPP. Canonicalize path names originating from untrusted sources.
...