1 parent 7ab8f02 commit 1681407
1 file changed
java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
@@ -28,7 +28,7 @@ returns a <b>non</b>-slash-terminated path string, so a <code>"/"</code> must be
28
29
30
In this example, the <code>if</code> statement checks if <code>parent.getCanonicalPath()</code>
31
-is a prefix of <code>dir.getCanonicalPath()</dir>. However, <code>parent.getCanonicalPath()</code> is
+is a prefix of <code>dir.getCanonicalPath()</code>. However, <code>parent.getCanonicalPath()</code> is
32
not slash-terminated. So, the user that supplies <code>dir</code> may be allowed to access siblings of <code>parent</code>
33
and not just children of <code>parent</code>, which is a security issue.
34
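Review bot: On line 32, "siblings of <code>parent</code>" is broader than what the prefix check actually lets through. Because <code>parent.getCanonicalPath()</code> is not slash-terminated, only siblings whose name begins with the name of <code>parent</code> pass the check. Since this paragraph is being touched anyway, consider saying so there, so readers of the help text see exactly which paths are exposed. The tag change on line 31 itself is right: <code>&lt;/dir&gt;</code> never matched the opening <code>&lt;code&gt;</code>, and the other <code>&lt;code&gt;</code> elements in the visible context lines are all closed correctly.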