
Commit 478f570

committed
Update README.md
1 parent 4d921a2 commit 478f570


2 files changed: +20 / -1 lines changed


Path Manipulation/README.md

Lines changed: 5 additions & 0 deletions
@@ -21,6 +21,11 @@ You can use this repo as reference to fix the Path Manipulation issue [CWE-22](h
2121

2222
✅Unique Filename Validation: Prevent overwriting the existing files on the server.
2323

24+
## 🚫 Note to Developers:
25+
26+
🔹 I can’t stress more to include the secure coding examples and when you are trying to mitigate the vulnerabilities, always go for the AND logic, rather than using the OR logic.
27+
🔹 Test your defenses — try bypassing your own security checks!
28+
2429
## NOTE
2530
The code for the Path Manipulation only check for the Filename validation, Extension Validation, File Size Validation, Unique Filename Validation. ***It doesn't check for the File Contents and Magic Numbers. Use this logic when you are concerned about the Path Manipulation issue ONLY***.
2631
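Review bot: the new "Note to Developers" block (lines 24-28) tells readers to "always go for the AND logic, rather than using the OR logic" without saying what is being combined; since the section that follows lists the four checks this code performs (filename, extension, file size, unique filename), suggest stating it concretely, e.g. "an upload is accepted only if every check passes; failing any one of them rejects it". The first bullet also reads awkwardly ("I can't stress more to include the secure coding examples"); suggest "I can't stress this enough: include the secure coding examples, and when mitigating a vulnerability combine the checks with AND logic, not OR logic". Minor: the new heading ends in a colon, unlike the existing "## NOTE" heading in the same file.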

Privacy Violation - Heap Inspection/README.md

Lines changed: 15 additions & 1 deletion
@@ -34,4 +34,18 @@ StringBuffer password = new StringBuffer("SecurePassword");
3434
- Java: Use GuardedString (from Java's security libraries)
3535
- C#: Use SecureString to handle sensitive data securely 
3636

37-
5️⃣ When no prebuilt library exists, store passwords in char[] and overwrite the array after usage to ensure it doesn't linger in memory.
37+
5️⃣ When no prebuilt library exists, store passwords in char[] and overwrite the array after usage to ensure it doesn't linger in memory.
38+
39+
## Directory Structute
40+
```
41+
Privacy Violation - Heap Inspection
42+
│ README.md
43+
44+
├───csharp
45+
│ HeapInspectionCharArrayExample.cs
46+
│ HeapInspectionSecureStringExample.cs
47+
48+
└───java
49+
HeapInspectionCharArrayExample.java
50+
HeapInspectionGuardedStringExample.java
51+
```
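Review bot: the heading added at line 39 reads "## Directory Structute"; should be "## Directory Structure". The tree also lists HeapInspectionGuardedStringExample.java while the context line above only says GuardedString is "from Java's security libraries"; the README should name the library or dependency that provides GuardedString so readers can build the example. The 37-/37+ pair is textually identical, so that change appears to be whitespace or line-ending only; fine if intended, otherwise worth dropping from the commit.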
