According to the Java API [API 2006], class java.io.File

A path name, whether abstract or in string form, may be either absolute or relative. An absolute path name is complete in that no other information is required to locate the file that it denotes. A relative path name, in contrast, must be interpreted in terms of information taken from some other path name.

An absolute path may contain aliases, shadows, symbolic links and shortcuts (aliases, hereafter) rather than canonical paths, which refer to the actual files or directories that these aliases point to. These aliases must be fully resolved before any file validation operations are performed. For instance, resolving a symbolic link called trace may yield its actual path on the file system, such as /home/system/trace.
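An added example, not part of the original page, of resolving aliases with getCanonicalFile() before validating a path. The class name, the resolveInside helper and the temporary directory layout are assumptions made for illustration; it assumes Java 11 or later on a platform that permits creating symbolic links.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalizeBeforeValidate {

    // Hypothetical helper: returns the canonical file only if it lies inside
    // baseDir once all aliases ("..", ".", symbolic links) are resolved.
    static File resolveInside(File baseDir, String userPath) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, userPath).getCanonicalFile();
        // Compare against base + separator so "/data-old" does not match "/data".
        String prefix = base.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new SecurityException("Path resolves outside " + base + ": " + target);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/data is the permitted directory,
        // <tmp>/secret.txt lies outside it, and data/trace is a symbolic link to it.
        Path root = Files.createTempDirectory("canon-demo");
        Path data = Files.createDirectory(root.resolve("data"));
        Path secret = Files.writeString(root.resolve("secret.txt"), "outside");
        Files.writeString(data.resolve("report.txt"), "inside");
        Files.createSymbolicLink(data.resolve("trace"), secret);

        for (String name : new String[] {"report.txt", "trace", "../secret.txt"}) {
            File raw = new File(data.toFile(), name);
            // For "trace" the unresolved absolute path still appears to be inside data/.
            System.out.println(name + " -> absolute: " + raw.getAbsolutePath());
            try {
                System.out.println("    accepted canonical: " + resolveInside(data.toFile(), name));
            } catch (SecurityException e) {
                System.out.println("    rejected: " + e.getMessage());
            }
        }
    }
}
```

Only report.txt is accepted; trace and ../secret.txt both canonicalize to a file outside the permitted directory and are rejected, even though the absolute path of trace begins with that directory.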

...

CVE-2005-0789

 

CVE-2008-5518

 

[MITRE 2009] CWE ID 171 (http://cwe.mitre.org/data/definitions/171.html) "Cleansing, Canonicalization, and Comparison Errors"

 

CWE ID 647 "Use of Non-Canonical URL Paths for Authorization Decisions"

...

[API 2006] method getCanonicalPath() (http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath())

[API 2006] method getCanonicalFile() (http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalFile())

[Harold 1999]

...