The rule “Avoid path traversal” exists to prevent unauthorized file access and potential data breaches in your application. Path traversal vulnerabilities occur when an attacker is able to manipulate a file path used in a file operation, typically with ‘..’ sequences, to reach files outside the intended directory. This can lead to sensitive data exposure, unauthorized data modification or, in some cases, code execution.
It is important because an attacker could potentially read, write, or delete sensitive files on the server, leading to a serious breach of data security. The severity of a path traversal attack ranges from information disclosure to complete system compromise, depending on the system privileges of the application being attacked.
How to remediate
Never use user input to form a file path; always use constant or server-generated values. If user input must be used in file paths, it should be properly sanitized to remove any ‘..’ sequences or similar path navigation constructs. Using a whitelist of acceptable inputs is also a strong defensive option. Always adhere to the principle of least privilege when setting access permissions for files and directories.
Non-Compliant Code Examples
```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System;
using System.IO;
using System.Web;
using System.Text;

namespace Controllers
{
    public class VulnerableController : Controller
    {
        private readonly string _rootPath;

        public VulnerableController(string rootPath)
        {
            _rootPath = rootPath;
        }

        [HttpPost("/path-test")]
        public IActionResult Post()
        {
            // Get parameter from cookies
            string param = "defaultValue";
            if (Request.Cookies != null)
            {
                foreach (var cookie in Request.Cookies)
                {
                    if (cookie.Key.Equals("TestCookie"))
                    {
                        param = HttpUtility.UrlDecode(cookie.Value, Encoding.UTF8);
                        break;
                    }
                }
            }

            // Vulnerable: User input directly in Path.Combine
            string fileName = Path.Combine(_rootPath, "files", param);

            // Use the unsafe value
            FileStream fs = null;
            try
            {
                fs = new FileStream(fileName, FileMode.Open);
                // Read file...
            }
            catch (Exception e)
            {
                // Handle error...
            }
            finally
            {
                fs?.Close();
            }
            return Ok();
        }
    }
}
```
Compliant Code Examples
```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System;
using System.IO;
using System.Web;
using System.Text;

namespace Controllers
{
    public class SafeController : Controller
    {
        [HttpPost("/path-test")]
        public IActionResult Post()
        {
            // Get parameter from cookies
            string param = "defaultValue";
            if (Request.Cookies != null)
            {
                foreach (var cookie in Request.Cookies)
                {
                    if (cookie.Key.Equals("TestCookie"))
                    {
                        param = HttpUtility.UrlDecode(cookie.Value, Encoding.UTF8);
                        break;
                    }
                }
            }

            // Safe: Uses ternary that always evaluates to a constant
            string filePath = (7 * 18) + 106 > 200 ? "safe_constant_filename" : param;

            // Use the safe value
            FileStream fs = null;
            try
            {
                string fullPath = Constants.FILES_DIR + filePath;
                fs = new FileStream(fullPath, FileMode.Open);
                // Read file...
            }
            catch (Exception e)
            {
                // Handle error...
            }
            finally
            {
                fs?.Close();
            }
            return Ok();
        }
    }

    public static class Constants
    {
        public static string FILES_DIR = "files/";
    }
}
```
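The remediation guidance above (reject navigation constructs, check against a whitelist, keep the result inside the intended directory) implemented as a layered check that a controller could call before opening a file. This is an added example, not code from the page or from Datadog; the root directory, the allowed file names and the sample inputs are assumed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class SafeFileAccess
{
    // Whitelist of file names this endpoint is permitted to serve (assumed values).
    private static readonly HashSet<string> AllowedNames =
        new HashSet<string>(StringComparer.Ordinal) { "report.txt", "summary.txt" };

    // Returns the canonical path of userInput inside rootDir, or null if the
    // input is rejected. Each layer is independent: a bare-name check, the
    // whitelist, and a containment check on the canonicalized result.
    public static string ResolveWithinRoot(string rootDir, string userInput)
    {
        if (string.IsNullOrEmpty(userInput)) return null;

        // Only a bare file name is acceptable: no separators, no rooted paths,
        // and not the "." / ".." navigation entries.
        if (userInput != Path.GetFileName(userInput) || Path.IsPathRooted(userInput)
            || userInput == "." || userInput == "..")
            return null;

        if (!AllowedNames.Contains(userInput)) return null;

        // Canonicalize the root with a trailing separator so that a sibling such
        // as "files_old" does not pass a plain prefix comparison against "files".
        string root = Path.GetFullPath(rootDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        // GetFullPath resolves any remaining ".." segments before the check.
        string candidate = Path.GetFullPath(Path.Combine(root, userInput));
        return candidate.StartsWith(root, StringComparison.Ordinal) ? candidate : null;
    }

    public static void Main()
    {
        // Constructed inputs: one legitimate name and several traversal attempts.
        string[] inputs = { "report.txt", "../appsettings.json", "..", "/etc/passwd", "notes.txt" };
        foreach (string input in inputs)
        {
            string resolved = ResolveWithinRoot("files", input);
            Console.WriteLine($"{input,-22} -> {(resolved ?? "rejected")}");
        }
    }
}
```

Only "report.txt" resolves; the traversal inputs fail the bare-name check, and "notes.txt" is well-formed but rejected because it is not on the whitelist.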
How to use this rule
```yaml
rulesets:
  - csharp-security # Rules to enforce C# security.
```