• Home
• com.github.albfernandez
• pmd-gds
• 2.27.0
• source code
• cwe-0022-path-traversal.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

rulesets.GDS.CWE.cwe-0022-path-traversal.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>
<ruleset name="CWE 22 Path Traversal"
		 xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

	<description>
   		This file is part of the GDS PMD Secure Coding Ruleset.
   		
   		This ruleset contains rules that are intended to detect Path Traversal.
   </description>

	<rule class="com.gdssecurity.pmd.rules.dfa.DfaSecurityRule" name="PathTraversal"
		message="Path Traversal" dfa="true" typeResolution="true" language="java"
		externalInfoUrl="https://cwe.mitre.org/data/definitions/22.html">
		<description>
	This rule utilizes the PMD data flow analysis (DFA) layer to help trace input from source to sink. PMD is unable to track data flow from source to sink across files. Therefore, the scope of analysis is limited to a single file and even within that a single method (i.e. PMD DFA is intraprocedural).
	
	Specifically, it is configured with sinks that might suggest a potential Path Traversal. Additional sinks should be added for increased coverage.	
      </description>

		<priority>1</priority>

		<properties>
			<property name="sinks">
				<value>java.io.File.File|java.nio.file.Paths.get</value>
			</property>
			<property name="sanitizers">
				<value>org.apache.commons.io.FilenameUtils.getName|FilenameUtils.getName</value>
			</property>
		</properties>
	</rule>

</ruleset>