Page Information
Title:
FIO02-C. Canonicalize path names originating from tainted sources
Author:
Jeffrey Gennari
Aug 22, 2006
Last Changed by:
Jill Britton
Apr 27, 2022
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/DtcxBQ
Incoming Links
SEI CERT Perl Coding Standard (1)
Page:
IDS00-PL. Canonicalize path names before validating them
Android (1)
Page:
Unknown Applicability (C Rules/Recomendations)
SEI CERT Oracle Coding Standard for Java (1)
Page:
FIO16-J. Canonicalize path names before validating them
SEI CERT C Coding Standard (3)
Page:
FIO22-C. Close files before spawning processes
Page:
FIO15-C. Ensure that file operations are performed in a secure directory
Page:
POS05-C. Limit access to files by creating a jail
Hierarchy
Parent Page
Page:
Rec. 09. Input Output (FIO)
Labels
Global Labels (12)
rose-false-positive
compass/rose
cwe-22
fio
windows
android-unknown
input
posix
recommendation
filename
cwe-73
klocwork
Recent Changes
Time | Editor
Apr 27, 2022 08:49 | Jill Britton
Apr 23, 2021 16:46 | Anirban Gangopadhyay
Apr 15, 2021 09:43 | Anirban Gangopadhyay
Aug 30, 2019 17:57 | Anirban Gangopadhyay
Aug 09, 2018 16:51 | Anirban Gangopadhyay
Outgoing Links
External Links (23)
cwe.mitre.org/data/definitions/41.html
xorl.wordpress.com/2009/06/09/cve-2009-1760-libtorrent-arbi…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04…
pubs.opengroup.org/onlinepubs/9699919799/
msdn.microsoft.com/en-us/library/aa364963.aspx
https://cwe.mitre.org/data/definitions/28.html
www.kernel.org/doc/man-pages/online/pages/man3/pathconf.3.h…
https://access.redhat.com/security/cve/CVE-2014-9390
cwe.mitre.org/data/definitions/73.html
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1760
https://github.com/git/git/blob/master/Documentation/RelNot…
cwe.mitre.org/
www.kernel.org/doc/man-pages/online/pages/man3/realpath.3.h…
https://cwe.mitre.org/data/definitions/23.html
cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/40.html
cwe.mitre.org/data/definitions/59.html
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://www.mathworks.com/help/bugfinder/ref/certcrec.fio02…
https://www.kb.cert.org/vulnotes/bymetric?searchview&query=…
https://github.com/git/git/commit/77933f4449b8d6aa7529d627f…
SEI CERT C++ Coding Standard (2)
Home page:
SEI CERT C++ Coding Standard
Page:
VOID FIO02-CPP. Canonicalize path names originating from untrusted sources
SEI CERT C Coding Standard (12)
Page:
Klocwork
Page:
LDRA_V
Page:
Rose
Page:
CodeSonar_V
Page:
Polyspace Bug Finder_V
Page:
AA. Bibliography
Page:
Klocwork_V
Page:
CodeSonar
Page:
Polyspace Bug Finder
Page:
BB. Definitions
Page:
LDRA
Home page:
SEI CERT C Coding Standard
SEI CERT Oracle Coding Standard for Java (2)
Page:
FIO16-J. Canonicalize path names before validating them
Home page:
SEI CERT Oracle Coding Standard for Java