{"@ID": "249", "@Name": "DEPRECATED: Often Misused: Path Manipulation", "@Abstraction": "Variant", "@Structure": "Simple", "@Status": "Deprecated", "Description": "This entry has been deprecated because of name\n\tconfusion and an accidental combination of multiple\n\tweaknesses. Most of its content has been transferred to\n\tCWE-785.", "Extended_Description": {"xhtml:p": ["This entry was deprecated for several reasons. The primary\n        reason is over-loading of the \"path manipulation\" term and the\n        description. The original description for this entry was the\n        same as that for the \"Often Misused: File System\" item in the\n        original Seven Pernicious Kingdoms paper. However, Seven\n        Pernicious Kingdoms also has a \"Path Manipulation\" phrase that\n        is for external control of pathnames (CWE-73), which is a\n        factor in symbolic link following and path traversal, neither\n        of which is explicitly mentioned in 7PK. Fortify uses the\n        phrase \"Often Misused: Path Manipulation\" for a broader range\n        of problems, generally for issues related to buffer\n        management. Given the multiple conflicting uses of this term,\n        there is a chance that CWE users may have incorrectly mapped\n        to this entry.", "The second reason for deprecation is an implied combination of\n\tmultiple weaknesses within buffer-handling functions. The\n\tfocus of this entry was generally on the path-conversion\n\tfunctions and their association with buffer\n\toverflows. However, some of Fortify's Vulncat entries have the\n\tterm \"path manipulation\" but describe a non-overflow weakness\n\tin which the buffer is not guaranteed to contain the entire\n\tpathname, i.e., there is information truncation (see CWE-222\n\tfor a similar concept). A new entry for this non-overflow\n\tweakness may be created in a future version of CWE."]}, "Mapping_Notes": {"Usage": "Prohibited", "Rationale": "This CWE has been deprecated.", "Comments": "See description for suggestions for other CWE IDs to use.", "Reasons": {"Reason": {"@Type": "Deprecated"}}}, "Content_History": {"Submission": {"Submission_Name": "7 Pernicious Kingdoms", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Organization": "KDM Analytics", "Modification_Date": "2008-08-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "added/updated white box definitions"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-05-27", "Modification_Version": "1.4", "Modification_ReleaseDate": "2009-05-27", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "KDM Analytics", "Modification_Date": "2009-07-17", "Modification_Version": "1.5", "Modification_ReleaseDate": "2009-07-27", "Modification_Importance": "Critical", "Modification_Comment": "Described inconsistencies in this entry, which the CWE Content Team had already slated for deprecation."}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-07-27", "Modification_Version": "1.5", "Modification_ReleaseDate": "2009-07-27", "Modification_Comment": "updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-10-29", "Modification_Version": "1.6", "Modification_ReleaseDate": "2009-10-29", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Description, Maintenance_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}], "Previous_Entry_Name": {"@Date": "2009-07-27", "#text": "Often Misused: Path Manipulation"}}}
