
...

An absolute path may contain aliases, shadows, symbolic links and shortcuts (aliases, hereafter) rather than canonical paths, which refer to the actual files or directories that these aliases point to. These aliases must be fully resolved before any file validation operations are performed. For instance, resolving the final target of a symbolic link called trace yields its actual path on the file system, which might be /home/system/trace.

The process of canonicalizing file names makes it easier to verify an alias. More than one alias can refer to a single directory or file. Further, the textual representation of an alias may yield little or no information regarding the directory or file to which it refers. Consequently, all aliases must be fully resolved or canonicalized before validation. This is necessary because untrusted user input may allow an I/O operation to escape the specified operating directory. Violation of this rule can result in information disclosure and malicious modification of files existing in directories other than the specified one.
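The contrast the two paragraphs above describe, as an added example that is not part of the original rule text: a naive check compares the textual path against the operating directory, while the canonical check resolves both sides with getCanonicalPath()/getCanonicalFile() first. The directory layout, the file names and the class name are constructed for the demonstration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalPathCheck {

    // Returns the canonical File for userPath if it resolves inside baseDir, otherwise null.
    // Both sides are canonicalized first, so symbolic links and ".." segments are resolved
    // before the containment check is made.
    static File resolveInside(File baseDir, String userPath) throws IOException {
        String base = baseDir.getCanonicalPath();
        File candidate = new File(baseDir, userPath).getCanonicalFile();
        // The trailing separator prevents "/srv/data2" from being accepted as inside "/srv/data".
        if (!candidate.getPath().startsWith(base + File.separator)) {
            return null;
        }
        return candidate;
    }

    // Naive check, shown for comparison: it validates the textual path before aliases are resolved,
    // so a symbolic link inside baseDir that points outside it still passes.
    static boolean naiveCheck(File baseDir, String userPath) {
        File candidate = new File(baseDir, userPath);
        return candidate.getAbsolutePath().startsWith(baseDir.getAbsolutePath() + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: root/base is the operating directory, root/secret.txt lies outside it.
        Path root = Files.createTempDirectory("canon-demo");
        Path base = Files.createDirectory(root.resolve("base"));
        Path secret = Files.writeString(root.resolve("secret.txt"), "outside the operating directory");
        Files.writeString(base.resolve("report.txt"), "inside the operating directory");
        File baseDir = base.toFile();

        // An alias named "trace" inside the operating directory that points outside it.
        try {
            Files.createSymbolicLink(base.resolve("trace"), secret);
            System.out.println("naive check accepts trace:     " + naiveCheck(baseDir, "trace"));
            System.out.println("canonical check accepts trace: " + (resolveInside(baseDir, "trace") != null));
        } catch (IOException | UnsupportedOperationException e) {
            System.out.println("symbolic link not created on this platform: " + e.getMessage());
        }

        // ".." is another alias that canonicalization resolves before the check.
        System.out.println("canonical check accepts ../secret.txt: " + (resolveInside(baseDir, "../secret.txt") != null));
        System.out.println("canonical check accepts report.txt:    " + (resolveInside(baseDir, "report.txt") != null));
    }
}
```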

...

CVE-2005-0789

CVE-2008-5518

[MITRE 2009] CWE ID 171 "Cleansing, Canonicalization, and Comparison Errors" http://cwe.mitre.org/data/definitions/171.html

CWE ID 647 "Use of Non-Canonical URL Paths for Authorization Decisions"

...

[API 2006] method getCanonicalPath() http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()

[API 2006] method getCanonicalFile() http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalFile()

[Harold 1999]

...