Use of absolute paths
Summary
The system files must be referenced through absolute paths.
Description
An absolute path provides the complete and unambiguous location of a file or directory from the root of the file system. These paths eliminate ambiguity that may arise with relative paths, especially in situations where the current working directory may vary. In other words, this practice of using absolute paths enhances clarity, predictability, and consistency in file referencing within a code.
References
- CWE-73. External control of file name or path
- CWE-710. Improper adherence to coding standards
- SANS25-8. Improper limitation of a pathname to a restricted directory (path traversal)
- SANS25-12. NULL pointer dereference
- CWE25-22. Improper limitation of a pathname to a restricted directory (path traversal)
- CWE25-476. NULL pointer dereference
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan