CWE-26: Path Traversal: '/dir/../filename'
Learn about CWE-26 (Path Traversal: '/dir/../filename'), its security impact, exploitation methods, and prevention guidelines.
What is Path Traversal: '/dir/../filename'?
• Overview: CWE-26 is the Path Traversal variant in which externally supplied input used to build a file path contains a '/dir/../filename' sequence: a legitimate-looking directory component followed by '..'. Because the traversal does not appear at the start of the input, checks that only reject a leading '../' miss it, and the resolved path can land outside the directory the product intended to serve.
• Exploitation Methods:
- Attackers insert "dir/../" sequences into the file path, for example 'docs/../../etc/passwd', so that the path normalizes to a location outside the restricted directory. The leading directory component defeats filters that only strip or reject a leading "../".
- Common attack patterns include appending traversal sequences to file requests (download, include, template or log-viewer parameters) to reach sensitive files such as configuration files, application source or password files.
• Security Impact:
- Direct consequences include unauthorized access to sensitive files and data leakage.
- Potential cascading effects involve further system compromise if critical files like authentication credentials are accessed.
- Business impact includes data breaches, loss of customer trust, legal repercussions, and financial losses.
• Prevention Guidelines:
- Specific code-level fixes: do not try to strip traversal sequences from the input (stripping is easy to bypass, e.g. '....//' becomes '../' after one pass); instead resolve the candidate path to a canonical absolute form and reject it unless it lies inside the intended base directory. Where the set of valid files is small, map user input to an allowlist of known names rather than using it as a path at all.
- Security best practices: use the platform path API (path.resolve, realpath) rather than string concatenation, enforce the containment check on every file access, and run the process with least privilege so that an escape still cannot read files such as /etc/shadow.
- Recommended tools and frameworks: security libraries that offer input validation and path normalization functions, plus static analysis rules that flag file-system calls fed by request parameters.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Web Server
Vulnerable Code Example
const fs = require('fs');
const path = require('path');
function readFile(userInput) {
// Vulnerable to path traversal: user can input '../' to access arbitrary files
const filePath = path.join('/secure_directory', userInput);
return fs.readFileSync(filePath, 'utf8');
}
// Example calls
// readFile('../etc/passwd') resolves to '/etc/passwd' because path.join normalizes '..'
// readFile('docs/../../etc/passwd') does the same, and would slip past a filter that only rejects a leading '../'
How to fix Path Traversal: '/dir/../filename'?
To mitigate the vulnerability in JavaScript, we should:
- Resolve the candidate path to an absolute, normalized form so that every '..' component is collapsed before the check.
- Validate that the resolved path is within the secure directory (prefix plus path separator), and reject it otherwise.
- Use the platform path API (path.resolve) rather than string concatenation or hand-written sanitization.
Fixed Code Example
const fs = require('fs');
const path = require('path');
function readFile(userInput) {
const baseDirectory = path.resolve('/secure_directory');
const filePath = path.resolve(baseDirectory, userInput);
// Ensure the path is within the intended directory. The trailing path.sep matters:
// without it '/secure_directory_backup/x' would pass a prefix check against '/secure_directory'.
// This check is lexical only; it does not follow symlinks (see fs.realpathSync for that).
if (!filePath.startsWith(baseDirectory + path.sep)) {
throw new Error("Invalid file path");
}
return fs.readFileSync(filePath, 'utf8');
}
// Example call
// readFile('text.txt') safely reads from '/secure_directory/text.txt'
Explanation
- Vulnerable Example: The code uses path.join without validating the resulting path. path.join normalizes '..' components, so inputs like '../etc/passwd' or 'docs/../../etc/passwd' resolve to '/etc/passwd' and the file is read.
- Fixed Example: The code resolves the input to an absolute, normalized path with path.resolve and then checks that the result starts with the base directory followed by a path separator. Even if the input contains '../' or 'dir/../' sequences, or is an absolute path such as '/etc/passwd', access stays inside the intended directory. Note that path.resolve is purely lexical: a symlink planted inside the directory that points outside it is not detected, so resolve the real path with fs.realpathSync and repeat the containment check when the directory can contain untrusted symlinks.