CWE-42: Path Equivalence: 'filename.' (Trailing Dot)
Learn about CWE-42 (Path Equivalence: 'filename.' (Trailing Dot)), its security impact, exploitation methods, and prevention guidelines.
What is Path Equivalence: 'filename.' (Trailing Dot)?
• Overview: This vulnerability occurs when a software product improperly handles path inputs with a trailing dot, like 'filename.', leading to ambiguous path resolution that can be exploited to access or manipulate files outside the intended directory.
• Exploitation Methods:
- Attackers can exploit this by appending a trailing dot to file or directory paths, tricking the system into resolving paths incorrectly.
- Common attack patterns include directory traversal attacks where the attacker gains unauthorized access to files or directories.
• Security Impact:
- Direct consequences include unauthorized file access, modification, or deletion.
- Potential cascading effects involve unauthorized system access, data breaches, and further exploitations based on accessed data.
- Business impact could involve data loss, legal liabilities, and reputational damage.
• Prevention Guidelines:
- Specific code-level fixes include normalizing path inputs and removing or rejecting trailing dots before processing.
- Security best practices involve thorough input validation and canonicalization to ensure paths are resolved consistently.
- Recommended tools and frameworks include using secure APIs for file handling that inherently prevent path manipulation.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
import os
def read_file(filename):
base_directory = '/var/www/app/data'
# Vulnerable to path equivalence due to trailing dot
# An attacker could provide a filename with a trailing dot (e.g., 'file.txt.')
# This might bypass certain path checks if the system treats 'file.txt' and 'file.txt.' as equivalent.
if os.path.exists(os.path.join(base_directory, filename)):
with open(os.path.join(base_directory, filename), 'r') as file:
return file.read()
else:
return "File not found."
Explanation:
- Vulnerability: The code is susceptible to path equivalence issues due to trailing dots. An attacker could bypass path checks by appending a dot to filenames, potentially accessing unauthorized files.
How to fix Path Equivalence: 'filename.' (Trailing Dot)?
To mitigate this vulnerability, it's essential to normalize and validate the file path, ensuring it remains within the intended directory. The steps include:
- Normalize the Path: Use
os.path.realpath()to resolve the path to its canonical form, removing any symbolic links or redundant separators. - Validate Path: Confirm that the resolved path is within the allowed directory.
- Reject or Sanitize Suspicious Input: Disallow inputs with suspicious patterns, such as trailing dots.
Fixed Code Example
import os
def read_file(filename):
base_directory = '/var/www/app/data'
# Normalize the path to eliminate issues like trailing dots
full_path = os.path.realpath(os.path.join(base_directory, filename))
# Validate that the resolved path is within the base directory
if not full_path.startswith(os.path.realpath(base_directory) + os.sep):
return "Invalid file path."
# Check if the file exists in the normalized path and securely open it
if os.path.exists(full_path):
with open(full_path, 'r') as file:
return file.read()
else:
return "File not found."
Explanation:
- Normalization: The
os.path.realpath()function ensures the file path is resolved to its canonical form, which helps eliminate ambiguities such as redundant separators or trailing dots. - Path Validation: The code checks that the resolved path remains within the base directory, preventing directory traversal attacks.
- Security Check: These checks ensure that only authorized files within the specified directory are accessible, mitigating the path equivalence vulnerability.