hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Incorporate jksco's feedback

Browse Source
This commit is contained in:
Shyam Mehta
2022-07-12 01:58:33 -04:00
parent 781a2a73d3
commit 65b9947428
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
View File

@@ -3,9 +3,9 @@
"qhelp.dtd"> "qhelp.dtd">
<qhelp> <qhelp>
<overview> <overview>
<p>User supplied file paths can often pose security risks if a program does not correctly handle them. In particular, if a user <p>User supplied file paths can often pose security risks if a program does not handle them correctly. In particular, if a user
is meant to access files under a certain directory but does not enters a path under that directory, they can gain access to is meant to access files under a certain directory but does not enter a path under that directory, they can
(and potentially modify/delete) unexpected, possibly sensitive resources. </p> unexpectedly gain access to (and potentially modify/delete) possibly sensitive resources. </p>
<p>Suppose a program is to only accept paths that point to files/folders within directory <code>DIR</code>. <p>Suppose a program is to only accept paths that point to files/folders within directory <code>DIR</code>.
To ensure that a user supplied path, say <code>SUBDIR</code>, is a subdirectory of <code>DIR</code>, the To ensure that a user supplied path, say <code>SUBDIR</code>, is a subdirectory of <code>DIR</code>, the