ejohnsonscw / scwgithubdemo

Demo config with Trevor - 06.05.23

CWE-22 #7

Open ejohnsonscw opened 1 year ago

ejohnsonscw commented 1 year ago

Please look into.

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE 22)

Matched on "CWE-22"

What is this? (2min video)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.
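As an added illustration of the weakness the bot describes (this is not code from the issue, the repository, or Secure Code Warrior's material), the snippet below puts the vulnerable pattern next to a containment check. `BASE_DIR` and the sample inputs are constructed for the example; the check is purely lexical, so no files are touched.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example root; the server is only meant to serve files below it.
BASE_DIR = "/srv/app/public"


def unsafe_path(user_path: str) -> str:
    """The CWE-22 pattern: join user input onto the base and trust the result.

    posixpath.join() lets an absolute input replace BASE_DIR entirely, and
    ".." segments are left for the filesystem to resolve, so the final path
    can land anywhere. normpath() is applied only to show where it would land.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def safe_path(user_path: str) -> Optional[str]:
    """Resolve user_path under BASE_DIR, or return None if it would escape.

    Order matters: percent-decode first (so "%2e%2e" is seen as ".."),
    reject NUL bytes and absolute paths, normalise, then require the result
    to be BASE_DIR itself or a descendant of it. On a real filesystem, also
    run os.path.realpath() on the candidate before the containment check so
    that symlinks cannot point out of the directory.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded or decoded.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    if candidate != BASE_DIR and not candidate.startswith(BASE_DIR + "/"):
        return None
    return candidate


def escapes_base(path: str) -> bool:
    """True if an already-normalised path lies outside BASE_DIR."""
    return not (path == BASE_DIR or path.startswith(BASE_DIR + "/"))


if __name__ == "__main__":
    # Constructed inputs: benign, classic traversal, percent-encoded traversal,
    # and an absolute path. Note the encoded form is not caught by a check
    # that runs before decoding, which is why safe_path() decodes first.
    for p in ["css/site.css", "../../etc/passwd",
              "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        u = unsafe_path(p)
        print(f"{p!r:30} unsafe -> {u!r:30} escapes={escapes_base(u)!s:5} "
              f"safe -> {safe_path(p)!r}")
```

The rejection of absolute input is a design choice; re-rooting it under `BASE_DIR` is the other common option. Either way, the decisive step is comparing the normalised (and, on disk, realpath-resolved) result against the base, rather than scanning the raw string for "..".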