Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
2 Rules
Rule 13. Input Output (FIO)
FIO16-J. Canonicalize path names before validating them
Page Information
Title:
FIO16-J. Canonicalize path names before validating them
Author:
Dhruv Mohindra
Jul 03, 2008
Last Changed by:
Michal Rozenau
Jun 12, 2023
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/HDdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (7)
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
ERR01-J. Do not allow exceptions to expose sensitive information
Page:
Input Validation and Data Sanitization
Page:
FIO14-J. Perform proper cleanup at program termination
Page:
FIO15-J. Do not reset a servlet's output stream after committing it
Page:
FIO00-J. Do not operate on files in shared directories
Page:
SEC01-J. Do not allow tainted variables in privileged blocks
SEI CERT C Coding Standard (1)
Page:
FIO02-C. Canonicalize path names originating from tainted sources
Hierarchy
Parent Page
Page:
Rule 13. Input Output (FIO)
Labels
Global Labels (4)
fio
android
rule
android-implementation-detail-java
Recent Changes
Time
Editor
Jun 12, 2023 06:28
Michal Rozenau
View Changes
Parasoft Jtest 2023.1
May 18, 2021 07:59
Michal Rozenau
View Changes
Parasoft Jtest 2021.1
Feb 26, 2021 09:43
Michal Rozenau
View Changes
Parasoft Jtest 2020.2
Jan 05, 2017 14:54
Will Snavely
View Changes
Oct 05, 2016 16:26
David Svoboda
AD TCF
View Page History
Outgoing Links
External Links (8)
cwe.mitre.org/
https://docs.oracle.com/javase/8/docs/api/java/io/File.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0789
https://docs.oracle.com/javase/8/docs/api/java/io/FilePermi…
https://www.securecoding.cert.org/confluence/display/java/D…
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5518
cwe.mitre.org/data/definitions/171.html
cwe.mitre.org/data/definitions/647.html
SEI CERT C++ Coding Standard (2)
Page:
VOID FIO02-CPP. Canonicalize path names originating from untrusted sources
Home page:
SEI CERT C++ Coding Standard
SEI CERT Oracle Coding Standard for Java (14)
Page:
IDS01-J. Normalize strings before validating them
Page:
Coverity
Page:
The Checker Framework
Page:
Fortify
Page:
Parasoft
Page:
The Checker Framework_V
Page:
FIO14-J. Perform proper cleanup at program termination
Page:
Rule BB. Glossary
Page:
Rule AA. References
Page:
Parasoft_V
Page:
Rule 14. Serialization (SER)
Home page:
SEI CERT Oracle Coding Standard for Java
Page:
FIO00-J. Do not operate on files in shared directories
Page:
Rule 13. Input Output (FIO)
SEI CERT C Coding Standard (2)
Home page:
SEI CERT C Coding Standard
Page:
FIO02-C. Canonicalize path names originating from tainted sources
Overview
Content Tools
{"serverDuration": 86, "requestCorrelationId": "8f7f29197aee894f"}
