Corgea LogoCorgea Security Hub

CWE-73: External Control of File Name or Path

Learn about CWE-73 (External Control of File Name or Path), its security impact, exploitation methods, and prevention guidelines.

What is External Control of File Name or Path?

• Overview: CWE-73, External Control of File Name or Path, occurs when user input influences file or path names in filesystem operations, potentially allowing unauthorized access or changes to important files.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by injecting their own file paths into inputs that are used in file operations.
  • Common attack patterns include directory traversal (e.g., using "../" sequences to access parent directories) and path injection to manipulate file access.

• Security Impact:

  • Direct consequences include unauthorized file access, modification, or deletion.
  • Potential cascading effects could involve system compromise, data breaches, or application failure.
  • Business impact might include loss of sensitive information, legal liabilities, and damage to reputation.

• Prevention Guidelines:

  • Specific code-level fixes include validating and sanitizing all user inputs that are used in file operations to ensure they do not contain harmful characters or sequences.
  • Security best practices involve employing strong input validation, using fixed path names where possible, and avoiding direct concatenation of user input in paths.
  • Recommended tools and frameworks include static analysis tools to detect path manipulation vulnerabilities and frameworks with built-in security features for handling file paths safely.
Corgea can automatically detect and fix External Control of File Name or Path in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: High

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Certainly! Let's refine the provided code examples to address the issues mentioned and ensure they clearly demonstrate the CWE-73 vulnerability and its fix. I'll also correct any formatting issues and improve the explanations.

import os

def read_user_file(filename):
    # Vulnerable to CWE-73: External Control of File Name or Path
    # This allows an attacker to specify arbitrary paths, potentially accessing sensitive files
    with open(filename, 'r') as file:
        return file.read()

# Example usage
user_input = input("Enter the filename to read: ")
file_content = read_user_file(user_input)
print(file_content)

Explanation:

  • The read_user_file function takes a filename as input and directly opens it. This is vulnerable to path traversal attacks, where an attacker could input something like ../../etc/passwd to access sensitive files outside the intended directory.

How to fix External Control of File Name or Path?

To mitigate this vulnerability, we should:

  1. Validate Input: Ensure that the input filename does not contain any path traversal sequences such as ../.
  2. Restrict File Access to a Specific Directory: Limit the accessible files to a specific directory by constructing the path safely.
  3. Use Secure Libraries or Functions: Utilize libraries or functions that handle path sanitization and validation.

Fixed Code Example

import os

def read_user_file_safe(filename):
    # Define a safe directory for file access
    safe_dir = "/safe_directory"
    
    # Normalize the path to prevent path traversal
    safe_path = os.path.normpath(os.path.join(safe_dir, filename))
    
    # Check if the calculated safe_path is within the allowed directory
    if not os.path.commonpath([safe_dir, safe_path]) == os.path.abspath(safe_dir):
        raise ValueError("Attempt to access a file outside the allowed directory.")
    
    # Safely open the file
    with open(safe_path, 'r') as file:
        return file.read()

# Example usage
user_input = input("Enter the filename to read: ")
try:
    file_content = read_user_file_safe(user_input)
    print(file_content)
except ValueError as e:
    print(f"Error: {e}")

Explanation:

  • The os.path.normpath function is used to normalize the path, which helps in eliminating any ../ sequences.
  • os.path.join safely constructs the path by combining the safe directory and the user-provided filename.
  • os.path.commonpath is used to ensure that the resolved path is within the intended directory, preventing path traversal by comparing the common path of the safe directory and the resolved path.
  • This approach effectively restricts file access to the specified directory, mitigating the risk of accessing unauthorized files.

By following these steps, the code is protected against path traversal attacks, ensuring that only files within the designated directory can be accessed.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-73: External Control of File Name or Path and get remediation guidance

Start for free and no credit card needed.