Insecure File Management
Fixing Insecure File Management
About Path Traversal
What is Path Traversal?
Path traversal, also known as directory traversal, is a type of security vulnerability that allows an attacker to access files or directories outside the web root directory of a web application. This vulnerability occurs when a web application does not properly validate user input or user-controlled data, such as file names or paths, and allows directory traversal sequences to be passed through the input.
Check out this video for a high-level explanation:
What is the impact of Path Traversal?
Path Traversal can lead to unauthorized access to sensitive files and data on a server or application. This can include files containing passwords, user data, or other confidential information.
An attacker who successfully exploits a Path Traversal vulnerability can gain access to sensitive data, modify or delete files, and potentially execute arbitrary code or perform other malicious actions.
This can lead to a variety of security incidents, such as data breaches, theft of intellectual property, or disruption of services.
The impact of a Path Traversal vulnerability can vary depending on the nature of the files and data that are accessed, as well as the specific context of the system or application being targeted.
In some cases, a Path Traversal attack may have little impact beyond revealing the existence of certain files, while in other cases, it can have severe consequences for the confidentiality, integrity, and availability of the system or application.
How to prevent Path Traversal?
To prevent Path Traversal vulnerabilities, it is important to properly validate and sanitize user input, and to use secure coding practices.
Here are some steps that can help prevent Path Traversal attacks:
- Validate user input: Always validate and sanitize user input, especially file names and paths. Ensure that user input only contains expected characters and that any special characters are properly escaped or removed.
- Use secure coding practices: Use secure coding practices, such as enforcing strict file permissions and preventing the execution of user-controlled input as code. Use libraries and frameworks that have built-in protection against Path Traversal attacks.
- Use an allow list: Use an allow list of permitted file names or directories and reject any input that does not match the list. This can help prevent unauthorized access to sensitive files and directories.
- Implement access controls: Implement access controls to restrict user access to files and directories based on roles and permissions.
- Use server-side checks: Use server-side checks to verify that any requested file or directory is within the expected range and does not contain any invalid or unexpected characters.
- Monitor and log: Monitor and log all file system access to detect any suspicious activity or attempts to access files or directories outside of the expected range.
By following these steps, you can help prevent Path Traversal vulnerabilities and reduce the risk of unauthorized access to sensitive files and data.
References
Taxonomies
- OWASP Top 10 - A01 Broken Access Control
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
- CWE-36: Absolute Path Traversal
Explanation & Prevention
- OWASP: Path Traversal
- OWASP: File Upload Cheat Sheet
- OWASP: Input Validation Cheat Sheet
- CAPEC-126: Path Traversal
- WASC-33: Path Traversal
Related CVEs
Training
Untrusted archive extraction (tarfile)
This rule detects untrusted archives being passed to the Python tarfile module extract() and extractall() functions.
Unless custom logic exists to validate the files in the archive, these functions are vulnerable to arbitrary file overwrites.
Rule-specific references:
- Python - tarfile.extractall() docs
- tarfile insecure pathname extraction
- Unpatched 15-year old Python bug allows code execution in 350k projects
- Understand the path traversal bug in Python’s tarfile module
Option A: Inspect the tarfile members
Never extract archives from untrusted sources without prior inspection. Files may be created outside of the path, e.g. members that have absolute filenames starting with "/" or filenames with two dots "..". The tarfile supports obtaining filenames with methods such as:
tarfile.getmembers()tarfile.getmember()tarfile.getnames()
Note: Due to the complexity of this vulnerability, this rule currently does not detect secure implementations. Please mark issues as 'false positives', or 'fixed' in the GuardRails dashboard.