C#-CWE-22

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location outside of that directory.

Required inputs: CSharpAST

This rule detects relative path traversal vulnerabilities, where user input is used to construct file or directory paths without proper validation or sanitization. Example of a safe implementation in C#:

using System;
using System.IO;

public static void FileOpenSuccess(string input)
{
    // Trailing separator so that "C:\safe\" does not also match "C:\safe2\..."
    const string root = "C:\\safe\\";
    string target = Path.Combine(root, input);
    // Canonicalize first: ".." segments (and a rooted input, which Path.Combine
    // returns unchanged) are resolved before the prefix check
    string full = Path.GetFullPath(target);
    // Windows paths are case-insensitive, so compare the prefix accordingly
    if (full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
    {
        using (FileStream fs = File.Open(full, FileMode.Open))
        {
            // ... read from fs ...
        }
    }
}
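The following is an added example, not part of the rule documentation, that packages the same canonicalize-then-prefix-check pattern as a helper and exercises it against constructed inputs covering the cases a reviewer should verify (nested "..", a rooted input that Path.Combine would accept as-is, and a sibling directory sharing the root's prefix). ResolveUnderRoot and SafePathDemo are hypothetical names, and the code assumes Windows path semantics.

```csharp
using System;
using System.IO;

public static class SafePathDemo
{
    // Hypothetical helper: returns the canonical path when it stays under
    // root, otherwise null.
    public static string ResolveUnderRoot(string root, string input)
    {
        // Canonical root with a trailing separator, so "C:\safe" is not
        // matched by "C:\safe2\...".
        string canonicalRoot = Path.GetFullPath(root);
        if (!canonicalRoot.EndsWith(Path.DirectorySeparatorChar.ToString()))
            canonicalRoot += Path.DirectorySeparatorChar;

        // Path.Combine returns the second argument unchanged when it is rooted,
        // so an absolute input would replace root entirely; GetFullPath resolves
        // ".." segments, and the prefix check then rejects both cases.
        string full = Path.GetFullPath(Path.Combine(canonicalRoot, input));
        return full.StartsWith(canonicalRoot, StringComparison.OrdinalIgnoreCase)
            ? full
            : null;
    }

    public static void Main()
    {
        const string root = "C:\\safe";
        // Constructed sample inputs, one per case the check must handle.
        string[] inputs =
        {
            "report.txt",              // accepted
            "sub\\report.txt",         // accepted
            "..\\secret.txt",          // rejected: leaves root
            "sub\\..\\..\\secret.txt", // rejected: leaves root via nested ".."
            "C:\\other\\secret.txt",   // rejected: rooted input discards root
            "..\\safe2\\x.txt",        // rejected: sibling dir with same prefix
        };
        foreach (string input in inputs)
        {
            string resolved = ResolveUnderRoot(root, input);
            Console.WriteLine($"{input,-26} -> {resolved ?? "REJECTED"}");
        }
    }
}
```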

Possible Messages

Key           Text                                                 Severity  Disabled
tainted_call  This call is not allowed on unsanitized variables.   None      False

Options