15 lines
585 B
Plaintext
15 lines
585 B
Plaintext
==== Use secure-by-design APIs
|
|
|
|
Some libraries contain APIs with these three capabilities:
|
|
|
|
* File retrieval in a file system.
|
|
* Restriction of the file retrieval to a specific folder (thus sanitizing and validating untrusted data).
|
|
* A feature, such as a file download or file deletion.
|
|
|
|
They can be referred to as "secure-by-design" APIs. Using this type of API,
|
|
such as '{auto_canonicalization_function}', brings multiple layers of security
|
|
to the code while keeping the code base shorter.
|
|
|
|
Behind the scenes, this function protects against both regular and partial path
|
|
injection.
|