resources.report.rules.findbugs.PT_ABSOLUTE_PATH_TRAVERSAL.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of sanity4j Show documentation
Show all versions of sanity4j Show documentation
Sanity4J was created to simplify running multiple static code
analysis tools on the Java projects. It provides a single entry
point to run all the selected tools and produce a consolidated
report, which presents all findings in an easily accessible
manner.
PT_ABSOLUTE_PATH_TRAVERSAL
PT: Absolute path traversal in servlet (PT_ABSOLUTE_PATH_TRAVERSAL)
The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory,
but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
See http://cwe.mitre.org/data/definitions/36.html
for more information.
FindBugs looks only for the most blatant, obvious cases of absolute path traversal.
If FindBugs found any, you almost certainly have more
vulnerabilities that FindBugs doesn't report. If you are concerned about absolute path traversal, you should seriously
consider using a commercial static analysis or pen-testing tool.
© 2015 - 2024 Weber Informatics LLC | Privacy Policy