• Home
• com.github.sanity4j
• sanity4j
• 1.8.1
• source code
• PT_RELATIVE_PATH_TRAVERSAL.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

resources.report.rules.findbugs.PT_RELATIVE_PATH_TRAVERSAL.html Maven / Gradle / Ivy

PT: Relative path traversal in servlet (PT_RELATIVE_PATH_TRAVERSAL)
The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

See http://cwe.mitre.org/data/definitions/23.html
for more information.
FindBugs looks only for the most blatant, obvious cases of relative path traversal.
If FindBugs found any, you almost certainly have more
vulnerabilities that FindBugs doesn't report. If you are concerned about relative path traversal, you should seriously
consider using a commercial static analysis or pen-testing tool.