2 The software uses an HTTP request parameter to construct a pathname that should be within a restricted directory,
3 but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
5 See <a href="http://cwe.mitre.org/data/definitions/36.html">http://cwe.mitre.org/data/definitions/36.html</a> for more information.
9 FindBugs looks only for the most blatant, obvious cases of absolute path traversal.
10 If FindBugs found <em>any</em>, you <em>almost certainly</em> have more
11 vulnerabilities that FindBugs doesn't report. If you are concerned about absolute path traversal, you should seriously
12 consider using a commercial static analysis or pen-testing tool.
projects / sonarqube.git / blob