tvalverd / scw_github_demo

POV Environment
0 stars 0 forks source link

CWE-22 #1

Open tvalverd opened 1 year ago

tvalverd commented 1 year ago

Testing SCW bot

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE 22)

Matched on "CWE-22"

What is this? (2min video)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.