CWE-66

Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a 'virtual' resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

Status: draft
Abstraction: base

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.
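One way to guard against the behavior described above, shown as an added example that is not part of the CWE entry: open the name, then confirm from the descriptor that the object is a regular file before doing any file-based operation on it. The example assumes a POSIX system; the helper names are hypothetical, and the FIFO and character device are constructed stand-ins for names that resolve to something other than a file.

```python
import errno
import os
import stat
import tempfile


def open_regular_file(path):
    """Hypothetical helper: open path for reading only if it is a regular file."""
    # O_NONBLOCK keeps open() from hanging on a FIFO or device before we inspect it.
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        # fstat the descriptor, not the name, so the check and the later reads
        # apply to the same object (no window between check and use).
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(errno.EACCES, "not a regular file", path)
        os.set_blocking(fd, True)
        return os.fdopen(fd, "rb")
    except BaseException:
        os.close(fd)
        raise


def classify(path):
    """Return 'regular' if the path may be processed as a file, else 'rejected'."""
    try:
        with open_regular_file(path):
            return "regular"
    except OSError:
        return "rejected"


def demo():
    # Constructed inputs: an ordinary file, a FIFO, and a character device.
    with tempfile.TemporaryDirectory() as d:
        regular = os.path.join(d, "report.txt")
        with open(regular, "w") as f:
            f.write("data")
        fifo = os.path.join(d, "queue")
        os.mkfifo(fifo)
        return {
            "file": classify(regular),
            "fifo": classify(fifo),
            "device": classify(os.devnull),
        }


if __name__ == "__main__":
    print(demo())
```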

Common Consequences

other
Impacts
other

Detection Methods

automated static analysis - binary or bytecode
manual static analysis - binary or bytecode
dynamic analysis with automated results interpretation
dynamic analysis with manual results interpretation
manual static analysis - source code
automated static analysis - source code
architecture or design review

Potential Mitigations

Functional Areas

file processing