CWE-706: Use of Incorrectly-Resolved Name or Reference
Learn about CWE-706 (Use of Incorrectly-Resolved Name or Reference), its security impact, exploitation methods, and prevention guidelines.
What is Use of Incorrectly-Resolved Name or Reference?
• Overview: This vulnerability occurs when a software application uses a name or reference to access a resource, but due to incorrect resolution, it accesses a resource outside the intended control, leading to potential security risks.
• Exploitation Methods:
- Attackers can manipulate names or references to redirect an application to unauthorized resources.
- Common attack patterns include directory traversal, symbolic link attacks, and manipulation of environment variables or configuration settings.
• Security Impact:
- Direct consequences include unauthorized access to sensitive data or system resources.
- Potential cascading effects involve privilege escalation or data corruption.
- Business impact could be severe, including data breaches, compliance violations, and reputational damage.
• Prevention Guidelines:
- Specific code-level fixes include validating and sanitizing all inputs related to resource names or references.
- Security best practices involve implementing strict access controls and using secure coding standards.
- Recommended tools and frameworks include static analysis tools to detect path traversal vulnerabilities and frameworks that enforce resource access policies.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
import os
def read_file(filename):
# Vulnerable: The filename is directly used to resolve the file path,
# potentially allowing directory traversal attacks.
with open(filename, 'r') as file:
data = file.read()
return data
# Example usage
user_input = "../../etc/passwd" # Dangerous input simulating a directory traversal attack
print(read_file(user_input))
How to fix Use of Incorrectly-Resolved Name or Reference?
To fix the vulnerability, ensure that the file paths are resolved correctly and that user inputs are sanitized. The main goal is to prevent directory traversal attacks by controlling the file paths that can be accessed. This can be achieved by:
- Restricting file access to a specific directory using absolute paths.
- Validating and sanitizing user input to prevent illegal path segments like
... - Using libraries that handle path resolution securely.
Fixed Code Example
import os
def read_file_safe(filename):
# Define a safe directory to restrict file access
safe_directory = os.path.abspath("safe_directory")
# Create the absolute path to the intended file
full_path = os.path.abspath(os.path.join(safe_directory, filename))
# Check if the resolved path is within the safe directory
if not full_path.startswith(safe_directory + os.sep):
raise ValueError("Access to the file is denied.")
with open(full_path, 'r') as file:
data = file.read()
return data
# Example usage with safe input
safe_input = "example.txt" # This should be a valid file within the safe_directory
try:
print(read_file_safe(safe_input))
except ValueError as e:
print(e)
Explanation of Fixes:
- Safe Directory Definition: The fixed code defines a
safe_directoryto limit file access to a specific directory, reducing the risk of accessing unauthorized files. - Path Resolution: It uses
os.path.abspathandos.path.jointo create an absolute path, ensuring that the path is resolved correctly and securely. - Path Validation: The code checks if the resolved path starts with the
safe_directory. This validation prevents directory traversal attacks by ensuring that the file access is confined to the intended directory. - Exception Handling: If the path validation fails, a
ValueErroris raised, effectively blocking access to unauthorized directories. This provides a clear indication of an attempted security breach.