Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Jonathan Leitschuh
2023-03-31 15:17:56 -04:00
parent e641505361
commit b9d409279b

@@ -27,8 +27,8 @@ and not just children of <code>parent</code>, which is a security issue.
<p>
In this example, the <code>if</code> statement checks if <code>parent.toPath()</code>
is a prefix of <code>dir.normalize()</code>. Because <code>Path#startsWith</code> will do the correct check that
<code>dir</code> is ia child children of <code>parent</code>, as desired.
is a prefix of <code>dir.normalize()</code>. Because <code>Path#startsWith</code> does the correct check that
<code>dir</code> is a child of <code>parent</code>, users will not be able to access siblings of <code>parent</code>, as desired.
</p>
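Review bot: In the replacement sentence, "does the correct check" still does not tell the reader why Path#startsWith is safe where the string comparison was not. Consider saying that Path#startsWith compares whole path name elements rather than characters, so a sibling directory whose name merely begins with the name of parent does not match. "is a child of parent" is also narrower than what the check accepts, since parent itself and any deeper descendant pass as well; "is inside parent" would be more accurate.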