+ tmp_str += 3;
+
+ // Directory traversal test
+
+ if (w_ref_parent_folder(str_pt)) {
+ merror("Active response command '%s' vulnerable to directory transversal attack. Ignoring.", str_pt);
+ exec_cmd[exec_size][0] = '\0';
+ } else {
+ /* Write the full command path */
+ snprintf(exec_cmd[exec_size], OS_FLSIZE,
+ "%s/%s",
+ AR_BINDIRPATH,
+ str_pt);
+ process_file = fopen(exec_cmd[exec_size], "r");
+ if (!process_file) {
+ if (f_time_reading) {
+ verbose("%s: INFO: Active response command not present: '%s'. "
+ "Not using it on this system.",
+ ARGV0, exec_cmd[exec_size]);
+ }