BaseDraft

CWE-66Improper Handling of File Names that Identify Virtual Resources

Category: logic

Description

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file. Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

Common consequences· 1

  • Other — Other

References

  1. https://cwe.mitre.org/data/definitions/66.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Link Resolution Before File Access ('Link Following')
CWE
Improper Restriction of Names for Files and Other Resources
CWE
Path Equivalence: 'fakedir/../realdir/filename'
CWE
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE
Improper Resolution of Path Equivalence
CWE
Improper Handling of Windows Device Names
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.