Razvan Deaconescu edited this page Jun 5, 2019 · 2 revisions

Files

Files are the interface through which applications interact with the outside world. Files may contain malicious data or may be the entry point for malicious applications. This can result in data leaks, resource consumption or denial of access.

Files are not part of the application, so they are outside of the application's control. The application must ensure proper behavior, irrespective of the outside world.

Concepts

files, types of files

symbolic links, secure directories

file naming, file attributes, file permissions

time-of-check time-of-use (TOCTOU) attacks

operating with files in Java

Tasks

Link

Enter the 05-files/link/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on FIO00

Zip Bomb

Enter the 05-files/zip-bomb/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on IDS04

Uses zip bomb from here.

Naming

Enter the 05-files/naming/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on IDS50

Toctou

Enter the 05-files/toctou/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on FIO51

Temporary Files

Enter the 05-files/temp-file/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on FIO03

End of File

Enter the 05-files/eof/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on FIO08

Path Selection

Enter the 05-files/path-selection/ subfolder in the repository. Check the source code, find the issue with it, "exploit" it, then fix it.

Based on FIO16
