I/O function calls should not be vulnerable to path injection attacks

Home

I/O function calls should not be vulnerable to path injection attacks

Rule description

I/O function calls should not be vulnerable to path injection attacks

Non-compliant Code Example

global function string testDelete (string docname)
boolean lb_exist
string ls_docname
ve_filehelper_utils helper

lb_exist = FileExists(docname)

FileDelete(docname) // Code not compliance

helper.FileDelete(docname)

Return docname
end function

Visual Expert 2020

VEPBRULE6