• Home
• com.github.sanity4j
• sanity4j
• 1.8.1
• source code
• PT_ABSOLUTE_PATH_TRAVERSAL.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

resources.report.rules.findbugs.PT_ABSOLUTE_PATH_TRAVERSAL.html Maven / Gradle / Ivy

PT: Absolute path traversal in servlet (PT_ABSOLUTE_PATH_TRAVERSAL)
The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory,
but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

See http://cwe.mitre.org/data/definitions/36.html
for more information.
FindBugs looks only for the most blatant, obvious cases of absolute path traversal.
If FindBugs found any, you almost certainly have more
vulnerabilities that FindBugs doesn't report. If you are concerned about absolute path traversal, you should seriously
consider using a commercial static analysis or pen-testing tool.