[OWASP-ESAPI] Suggestions from the field...

Jim Manico jim.manico at owasp.org
Mon Dec 21 20:47:45 EST 2009


The getValidFileName method does not validate that the file exists  
within a specified safe parent directory.  This protection is provided  
in the getValidDirectoryPath method.  This seems like a critical  
vulnerability to protect against for filePaths....

How about adding a new getValidFilePath method that provides this  
protection?

You like?

Jim Manico
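
The containment check the message asks for, as an added example that is not part of the original message and is not ESAPI code. The method name `getValidFilePath` is borrowed from the proposal; its signature, the class name and the temp-directory sample layout are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeFilePathExample {

    /**
     * Hypothetical helper (assumed signature, not ESAPI's): resolves fileName
     * under safeParent and rejects anything that is missing or lands outside it.
     */
    static Path getValidFilePath(Path safeParent, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty file name or embedded NUL");
        }
        // toRealPath() resolves symlinks and fails if the path does not exist.
        Path parent = safeParent.toRealPath();
        // Lexical check first: normalize() collapses "..", and an absolute
        // fileName replaces the parent entirely, so both fail startsWith().
        Path candidate = parent.resolve(fileName).normalize();
        if (!candidate.startsWith(parent)) {
            throw new IllegalArgumentException("path escapes safe parent: " + fileName);
        }
        // Second check on the real path catches a symlink inside the parent
        // that points elsewhere. Path.startsWith compares whole name elements,
        // so "/safe/uploads-old" does not pass as a child of "/safe/uploads".
        Path real = candidate.toRealPath();
        if (!real.startsWith(parent) || !Files.isRegularFile(real)) {
            throw new IllegalArgumentException("not a regular file under safe parent: " + fileName);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one file inside the safe parent, one beside it.
        Path base = Files.createTempDirectory("filepath-example");
        Path safe = Files.createDirectory(base.resolve("uploads"));
        Files.write(safe.resolve("report.txt"), "ok".getBytes());
        Files.write(base.resolve("secret.txt"), "no".getBytes());

        for (String name : new String[] {"report.txt", "../secret.txt", "missing.txt"}) {
            try {
                System.out.println(name + " -> accepted: " + getValidFilePath(safe, name));
            } catch (IllegalArgumentException | IOException e) {
                System.out.println(name + " -> rejected: " + e);
            }
        }
    }
}
```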