The system files must be referenced through absolute paths.
An absolute path provides the complete and unambiguous location of a file or directory from the root of the file system. These paths eliminate ambiguity that may arise with relative paths, especially in situations where the current working directory may vary. In other words, this practice of using absolute paths enhances clarity, predictability, and consistency in file referencing within a code.
This requirement is verified in following services
- CWE™-73. External control of file name or path
- CWE™-710. Improper adherence to coding standards
- SANS 25-8. Improper limitation of a pathname to a restricted directory (path traversal)
- SANS 25-12. NULL pointer dereference
- CWE TOP 25-22. Improper limitation of a pathname to a restricted directory (path traversal)
- CWE TOP 25-476. NULL pointer dereference
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.