<p>I know this is an old question, but I've just come across something that may be helpful specifically related to the CAT.Net error message.</p>
<p>In a <a href="http://blogs.msdn.com/b/syedab/archive/2010/02/04/cat-net-data-flow-rules.aspx" rel="nofollow noreferrer">blog post</a> about the CAT.Net Data Flow Rules, they have this to say about the <code>FileCanonicalizationRule</code>:</p>
<p><strong>Description</strong></p>
<blockquote> <p>User input used in the file handling routines can potentially lead to File Canonicalization vulnerability. Code is particularly susceptible to canonicalization issues if it makes any decisions based on the name of a resource that is passed to the program as input. Files, paths, and URLs are resource types that are vulnerable to canonicalization because in each case there are many different ways to represent the same name.</p> </blockquote>
<p><strong>Resolution</strong></p>
<blockquote> <p>Sanitize the file path prior to passing it to file handling routines. Use Path.GetInvalidFileNameChars or Path.GetInvalidPathChars to get the invalid characters and remove them from the input. More information can be found at <a href="http://msdn.microsoft.com/en-us/library/system.io.path.getinvalidfilenamechars.aspx" rel="nofollow noreferrer">http://msdn.microsoft.com/en-us/library/system.io.path.getinvalidfilenamechars.aspx</a>.</p> </blockquote>
<p>So, they suggest that you use <a href="http://msdn.microsoft.com/en-us/library/system.io.path.getinvalidfilenamechars.aspx" rel="nofollow noreferrer"><code>Path.GetInvalidFileNameChars</code></a> and <a href="http://msdn.microsoft.com/en-us/library/system.io.path.getinvalidpathchars.aspx" rel="nofollow noreferrer"><code>Path.GetInvalidPathChars</code></a> to validate your paths.</p>
<p>Note that their suggestion is to <em>remove</em> the invalid characters. While this will indeed make the path valid, it may cause unexpected behaviour for the user. As the comments on <a href="https://stackoverflow.com/a/146162/429949">this</a> question/answer suggest, it's probably better to quit early and tell the user that their path is invalid, rather than doing something unexpected with their input (like removing bad characters and using the modified version).</p>
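<p>An added example, not code from the answer above or from the CAT.Net blog post: a reject-rather-than-strip check built on <code>Path.GetInvalidFileNameChars</code>. It goes one step beyond the answer by canonicalizing with <code>Path.GetFullPath</code> and checking containment, because <code>.</code> and <code>..</code> contain no invalid characters. The names <code>SafePath</code>, <code>Resolve</code> and <code>baseDir</code>, and the sample inputs, are hypothetical.</p>

```csharp
using System;
using System.IO;

public static class SafePath
{
    // Hypothetical helper: returns the full path of fileName under baseDir,
    // or throws ArgumentException so the caller can report the refusal.
    public static string Resolve(string baseDir, string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName))
            throw new ArgumentException("File name is empty.", nameof(fileName));

        // Reject instead of stripping: the input is never silently modified.
        if (fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("File name contains invalid characters.", nameof(fileName));

        // Canonicalize the base directory and give it a trailing separator,
        // so "uploads" cannot match a sibling such as "uploads-old".
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Canonicalize the combined path before making any decision on it.
        string candidate = Path.GetFullPath(Path.Combine(root, fileName));

        // "." and ".." pass the character check, so containment is tested here.
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            throw new ArgumentException("File name resolves outside the base directory.", nameof(fileName));

        return candidate;
    }

    public static void Main()
    {
        // Constructed sample directory and inputs, for illustration only.
        string baseDir = Path.Combine(Path.GetTempPath(), "uploads-demo");
        string[] inputs = { "report.txt", "..", ".", "a/b.txt", "bad\0name.txt", "" };

        foreach (string input in inputs)
        {
            try { Console.WriteLine("accepted: " + Resolve(baseDir, input)); }
            catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
        }
    }
}
```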
 
