...
Another domain where normalization is required before validation is in sanitizing untrusted path names in a file system. This is addressed by guideline rule IDS21-J. Canonicalize path names before validating them.
...
Search for vulnerabilities resulting from the violation of this guideline rule on the CERT website.
Bibliography
...