Home

I/O function calls should not be vulnerable to path injection attacks

  • Vulnerability
  • Critical

Rule description

  • I/O function calls should not be vulnerable to path injection attacks

 

Non-compliant Code Example 

global function string testDelete (string docname)
boolean lb_exist
string ls_docname
ve_filehelper_utils helper

lb_exist = FileExists(docname)

FileDelete(docname) //Non compliant code

helper.FileDelete(docname)

Return docname
end function
Visual Expert 2020
 VEPBRULE6