Common Weakness Enumeration
CWE-641
Improper Restriction of Names for Files and Other Resources
The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
Mitigation
Phase: Architecture and Design
Description:
- Do not allow users to control names of resources used on the server side.
Mitigation
Phase: Architecture and Design
Description:
- Perform allowlist input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them.
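An added example (not part of the CWE entry) of the allowlist approach described above: the name is checked at the entry point and again by the code that consumes it, and anything outside the pattern is rejected rather than cleaned up. The permitted characters, extensions, length limit, reserved-name rule and all function names are assumptions chosen for illustration.

```python
import re
from pathlib import Path

# Assumed policy: alphanumeric first character, then letters/digits/_/-,
# exactly one dot, and one of a few permitted extensions.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,54}\.(?:txt|csv|pdf)")
# Windows device names are rejected even with an extension (e.g. "con.txt").
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{p}{i}" for p in ("com", "lpt") for i in range(1, 10)
}


class RejectedName(ValueError):
    """Raised when a supplied name falls outside the allowlist."""


def validate_name(name):
    """Entry-point check: return the name unchanged or raise; never rewrite it."""
    # fullmatch (not match or "$") so a trailing newline cannot slip through.
    if not isinstance(name, str) or ALLOWED_NAME.fullmatch(name) is None:
        raise RejectedName("name not permitted")
    if name.split(".", 1)[0].lower() in RESERVED:
        raise RejectedName("reserved device name")
    return name


def resolve_for_use(base_dir, name):
    """Consumer-side check: validate again, then confirm the resolved path
    (symlinks followed) is still a direct child of base_dir."""
    validate_name(name)
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if candidate.parent != base:
        raise RejectedName("resolved path leaves base directory")
    return candidate


def partition(names):
    """Split names into (accepted, rejected) without altering any of them."""
    accepted, rejected = [], []
    for n in names:
        try:
            accepted.append(validate_name(n))
        except RejectedName:
            rejected.append(n)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["report_2024.csv", "../etc/passwd", "a.b.txt", "con.txt", "x.php"]
    print(partition(sample))
```

The consumer repeats the check because the name may reach it through a path that bypassed the entry point, and because a symlink inside the directory can redirect an otherwise valid name.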
Mitigation
Phase: Architecture and Design
Description:
- Make sure that technologies consuming the resources are not vulnerable (e.g. to buffer overflows or format string bugs) in a way that would allow code execution if the name of the resource is malformed.
No CAPEC attack patterns related to this CWE.