...
In addition to these specific issues, there is a wide variety of operating system-specific and file system-specific naming conventions that make validation difficult.
...
Unfortunately, the canonicalization is performed after the validation, which renders the validation ineffective.
...
A comprehensive way of handling this issue is to grant the application the permissions to operate only on files present within the intended directory—the /img directory in this example. This compliant solution specifies the absolute path of the program in its security policy file and grants java.io.FilePermission with target /img/java and the read action.
This solution requires that the /img directory is a secure directory, as described in FIO00-J. Do not operate on files in shared directories.
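The following is an added example, not code from the CERT page, showing the canonicalize-then-validate ordering that the text above requires, with the policy grant from the compliant solution reproduced as a comment. The class name ImgPathValidator, the BASE_DIR constant, the sample file names and the codeBase placeholder in the comment are assumptions; only the /img directory, the /img/java target and the read action come from the page.

```java
import java.io.File;
import java.io.IOException;

/*
 * Added example (not the CERT page's own code).
 *
 * The policy-based compliant solution described above would be expressed in a
 * security policy file roughly as follows. The codeBase value is a placeholder,
 * not a path from the page; /img/java and "read" are the page's own values.
 *
 *   grant codeBase "file:/PATH/TO/APPLICATION/" {
 *       permission java.io.FilePermission "/img/java", "read";
 *   };
 *
 * Independently of the policy, the code below canonicalizes the untrusted name
 * first and validates the canonical result, so that "..", symbolic links and
 * platform-specific aliases are resolved before the check is made.
 */
public final class ImgPathValidator {

    // Directory the application is intended to operate in (assumed, per the page's example).
    private static final String BASE_DIR = "/img";

    /**
     * Returns the canonical path of BASE_DIR/untrustedName if, after
     * canonicalization, it still lies inside BASE_DIR; returns null otherwise.
     */
    public static String resolveInsideImg(String untrustedName) throws IOException {
        File base = new File(BASE_DIR);
        String canonicalBase = base.getCanonicalPath();

        // Canonicalize BEFORE validating. getCanonicalPath() resolves "." and "..",
        // redundant separators and symbolic links (a link inside /img that points
        // outside it therefore resolves to the outside target and is rejected).
        File candidate = new File(base, untrustedName);
        String canonicalCandidate = candidate.getCanonicalPath();

        // Compare with a trailing separator so that a sibling such as /img2/... is
        // not mistaken for a path under /img.
        if (!canonicalCandidate.startsWith(canonicalBase + File.separator)) {
            return null; // escaped the intended directory: reject
        }
        return canonicalCandidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: two that stay inside /img, two that try to escape.
        String[] names = { "java", "photos/a.png", "../outside.txt", "sub/../../outside.txt" };
        for (String n : names) {
            String resolved = resolveInsideImg(n);
            System.out.println(n + " -> " + (resolved == null ? "REJECTED" : resolved));
        }
    }
}
```

Run the class with no arguments to see the two traversal attempts rejected while the two in-directory names resolve under /img. Note that the policy-file mechanism depends on the SecurityManager, which was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486); on those releases the canonical-path check above has to stand on its own, which is why it does not rely on the policy being in force.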
...
Related Guidelines
FIO02-C. Canonicalize path names originating from tainted sources
FIO02-CPP. Canonicalize path names originating from untrusted sources
Path Traversal [EWR]
CWE-171, Cleansing, canonicalization, and comparison errors
...
...