CWE-28: Path Traversal: '..\filedir'

Learn about CWE-28 (Path Traversal: '..\filedir'), its security impact, exploitation methods, and prevention guidelines.

What is Path Traversal: '..\filedir'?

• Overview: Path Traversal (CWE-28) occurs when an application constructs a file path using external input without properly sanitizing ".." sequences, allowing access to files and directories outside the intended restricted directory.

• Exploitation Methods:

  • Attackers exploit this by injecting ".." into file paths to navigate to unauthorized directories.
  • Common techniques include appending or prepending ".." sequences to legitimate file path inputs to bypass directory restrictions.

• Security Impact:

  • Direct consequences include unauthorized access to sensitive files and directories, such as configuration files or user data.
  • Potential cascading effects involve further exploitation through information disclosure or modification of critical files.
  • Business impact can include data breaches, legal repercussions, and loss of customer trust.

• Prevention Guidelines:

  • Validate and sanitize all file path inputs to remove or neutralize ".." sequences.
  • Use built-in libraries or functions to handle file paths safely, ensuring they resolve within the intended directory.
  • Implement allow-listing for file paths, specifying only the files and directories that can be accessed.
  • Employ security mechanisms like chroot or containerization to restrict file system access.
  • Regularly review and update security configurations and patches.

Corgea can automatically detect and fix Path Traversal: '..\filedir' in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import os

def read_file(user_input):
    # Vulnerable to path traversal attacks as it directly uses user input to form file paths
    base_directory = '/var/www/app/data'
    file_path = os.path.join(base_directory, user_input)  # This line allows path traversal
    with open(file_path, 'r') as file:  # Potentially dangerous if path traversal is exploited
        return file.read()  # Data from unauthorized files could be exposed

Explanation:

  • Vulnerability: The code above is vulnerable to path traversal attacks because it directly uses user input to construct the file path. An attacker can exploit this by using paths like ../ to access files outside the intended directory, potentially exposing sensitive data or system files.

How to fix Path Traversal: '..\filedir'?

To fix path traversal vulnerabilities, ensure that user inputs do not lead to file paths outside the intended directory. This can be achieved by:

  1. Input Validation: Validate and sanitize user input to disallow any path traversal characters (like ..).
  2. Canonicalization: Use functions to resolve the path to its absolute form and check if it starts with the intended base directory.
  3. Restrict Access: Ensure that the application has limited permissions, only what is necessary for its operation.

Fixed Code Example

import os

def read_file(user_input):
    base_directory = '/var/www/app/data'

    # Resolve the absolute path and ensure it is within the base directory.
    # Note: os.path.join discards base_directory when user_input is absolute,
    # which is why the containment check below is applied to the resolved path.
    file_path = os.path.abspath(os.path.join(base_directory, user_input))

    # Check if the resolved path starts with the base directory path
    if not file_path.startswith(base_directory + os.path.sep):  # Ensure path is within the base directory
        raise ValueError("Access to the specified file is not allowed.")

    with open(file_path, 'r') as file:
        return file.read()

Explanation:

  • Security Fix: The code now resolves the absolute path of the file and checks if it starts with the base directory path. The addition of os.path.sep ensures that the check is precise, preventing paths like /var/www/app/data_not_allowed from being incorrectly validated.
  • Safeguard: By ensuring the file path starts with the base directory, we mitigate the risk of path traversal attacks effectively. This approach helps ensure that only files within the intended directory are accessible, protecting against unauthorized access to sensitive files.
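The fixed code above is evaluated with the host's path rules, and CWE-28 is specifically the backslash variant: on a POSIX host, os.path treats '\' as an ordinary filename character, so a check written only with os.path accepts '..\..\filedir' even though the identical string traverses on Windows. The following is an added example, not code from the page or from Corgea; it shows that gap with posixpath and a platform-independent resolver (constructed base directory /var/www/app/data, which need not exist) that normalises separators, follows symlinks, and uses os.path.commonpath in place of startswith.

```python
import os
import posixpath
from typing import Optional

# Constructed base directory for this example; it need not exist on the host.
BASE_DIRECTORY = "/var/www/app/data"


def posix_only_check(user_input: str, base_directory: str = BASE_DIRECTORY) -> bool:
    """The page's startswith check evaluated with POSIX path rules (posixpath).

    On POSIX '\\' is an ordinary filename character, so '..\\..\\etc\\passwd' is
    treated as a single file inside the base directory and the check accepts it,
    although the very same string traverses on a Windows host.
    """
    file_path = posixpath.abspath(posixpath.join(base_directory, user_input))
    return file_path.startswith(base_directory + posixpath.sep)


def resolve_within_base(user_input: str, base_directory: str = BASE_DIRECTORY) -> Optional[str]:
    """Return the canonical target path if it lies inside base_directory, else None.

    Differences from the page's fixed code:
      * backslashes are normalised to '/' first, so the '..\\filedir' variant is
        judged the same way on every platform (the point of CWE-28);
      * realpath() follows symlinks, so a link inside the base that points outside
        is rejected as well;
      * commonpath() instead of startswith() cannot be fooled by a sibling such as
        'data_not_allowed', and an absolute user_input (which os.path.join would
        let replace the base) is caught too.
    """
    candidate = user_input.replace("\\", "/")
    base = os.path.realpath(base_directory)
    target = os.path.realpath(os.path.join(base, candidate))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # different drives on Windows: certainly not inside
        inside = False
    if not inside or target == base:  # the base directory itself is not a file
        return None
    return target


def read_file(user_input: str) -> str:
    """Open only paths that resolve_within_base accepts."""
    target = resolve_within_base(user_input)
    if target is None:
        raise ValueError("Access to the specified file is not allowed.")
    with open(target, "r", encoding="utf-8") as handle:
        return handle.read()
```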
Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-28: Path Traversal: '..\filedir' and get remediation guidance

Start for free and no credit card needed.