cwe-22
Safeguard articles tagged "cwe-22" — guides, analysis, and best practices for software supply chain and application security.
16 articles
Path Traversal Prevention in Go with filepath.Join Valida...
filepath.Join in Go only cleans a path, it doesn't restrict it to a base directory. Here's why that gap produced real CVEs, and how to close it for good.
Path Traversal Prevention in Java with Path.normalize
Path.normalize() cleans up "." and ".." in a Java path — but it doesn't stop path traversal. Here's why the Zip Slip pattern still slips past code review in 2026.
Path Traversal Prevention in C# with Path.GetFullPath
Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.
How Snyk Code detects path traversal vulnerabilities thro...
How Snyk Code uses interprocedural data-flow tracing—not regex matching—to catch path traversal (CWE-22) by connecting tainted sources to file-system sinks.