hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

apply suggestions from doc review

Browse Source
This commit is contained in:
erik-krogh
2024-01-25 11:20:46 +01:00
parent 158ff0da0a
commit 05a59d2a94
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/src/Security/CWE/CWE-022/TaintedPath.qhelp
View File

@@ -7,8 +7,8 @@
can result in sensitive information being revealed or deleted, or an attacker being able to influence
behavior by modifying unexpected files.</p>
<p>Paths that are naively constructed from data controlled by a user may be absolute paths or contain
unexpected special characters, such as "..". Such a path may potentially point anywhere on the file system.</p>
<p>Paths that are naively constructed from data controlled by a user may be absolute paths, or may contain
unexpected special characters such as "..". Such a path could point anywhere on the file system.</p>
</overview>
<recommendation>
@@ -16,12 +16,11 @@ unexpected special characters, such as "..". Such a path may potentially point a
<p>Validate user input before using it to construct a file path.</p>
<p>Common validation methods include checking that the normalized path is relative and does not contain
any ".." components, or that the path is contained within a safe folder. The validation method to use depends
on how the path is used in the application and whether the path is supposed to be a single path component.
</p>
any ".." components, or checking that the path is contained within a safe folder. The method you should use depends
on how the path is used in the application, and whether the path should be a single path component.
<p>If the path is supposed to be a single path component (such as a file name) you can check for the existence
of any path separators ("/" or "\") or ".." sequences in the input, and reject the input if any are found.
<p>If the path should be a single path component (such as a file name), you can check for the existence
of any path separators ("/" or "\"), or ".." sequences in the input, and reject the input if any are found.
</p>
<p>
@@ -43,14 +42,13 @@ such as "/etc/passwd" or "../../../etc/passwd".</p>
<sample src="examples/TaintedPath.java" />
<p>
If the input is just supposed to be a file name, you can check that it doesn't contain any path separators
or ".." sequences.
If the input should only be a file name, you can check that it doesn't contain any path separators or ".." sequences.
</p>
<sample src="examples/TaintedPathGoodNormalize.java" />
<p>
If the input is supposed to be found within a specific directory, you can check that the resolved path
If the input should be within a specific directory, you can check that the resolved path
is still contained within that directory.
</p>