ID: php-security/laravel-path-traversal
Language: PHP
Severity: Error
Category: Security
CWE: 22
When a file path is built from untrusted data, the application is exposed to directory traversal attacks, in which an attacker uses the path to reach restricted directories and execute files outside of the web server's root directory.
Developers should sanitize the input before using it to construct a path, use dedicated path-manipulation functions rather than plain string concatenation, or use an allowlist to restrict the paths a user can specify.
<?php
// Non-compliant: the route parameter is concatenated straight into the path
// handed to response()->download(), so a value containing ".." segments can
// name a file outside the intended directory.
class Foo extends Controller
{
    /**
     * @param string $path user-controlled route parameter, used without validation
     */
    public function __invoke($path)
    {
        $path = 'path/'.$path; // plain concatenation: no normalisation, no containment check
        return response()->download($path); // sink: file served from an attacker-influenced path
    }
}
// Non-compliant: the {page} route parameter is concatenated into the
// require_once() path without validation, so any file the web server can
// read may be included and executed.
Route::get('/items/{page}', function ($page) {
    require_once('path/'.$page); // sink: include path built from untrusted input
    $posts = DB::table($this->table);
    $result = $posts->where(['query']);
    // NOTE(review): ['result', $result] is a list (keys 0 and 1), not a
    // 'result' => $result pair, so the view would not receive $result by name.
    return view('user.index', ['result', $result]);
});
// Non-compliant: same pattern as the GET route above, via include_once();
// the {page} parameter reaches the include path unvalidated.
Route::match(['get', 'post'], '/items/{page}', function ($page) {
    include_once('path/'.$page); // sink: include path built from untrusted input
    $result = DB::table($this->table)->where(['query']);
    // NOTE(review): ['result', $result] is a list, not a 'result' => $result pair.
    return view('user.index', ['result', $result]);
});
// Non-compliant: the storage directory passed to store() is taken directly
// from the `col` request parameter, so the upload destination is chosen by
// the client.
class Bar {
    function handle($request, Closure $next) {
        $response = $next($request);
        $source = $request->file()->store($request->input('col')); // sink: untrusted directory name
        return $response;
    }
}
<?php
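class Foo extends Controller
{
    /**
     * Serve a file from the downloads directory, refusing anything that
     * resolves outside of it.
     *
     * realpath() collapses ".." segments and symlinks before the containment
     * check; a prefix test on the raw concatenated string does not, and a
     * prefix without a trailing separator would also accept a sibling
     * directory such as "downloads2".
     *
     * @param string $path user-controlled file name from the route
     */
    public function __invoke($path)
    {
        $path = sanitize($path);
        $baseDir = realpath(storage_path('downloads'));
        $fullPath = realpath(storage_path('downloads/' . $path));
        // realpath() returns false for a path that does not exist, which
        // covers the file_exists() check as well
        if ($baseDir === false
            || $fullPath === false
            || !is_file($fullPath)
            || strpos($fullPath, $baseDir . DIRECTORY_SEPARATOR) !== 0
        ) {
            abort(404);
        }
        return response()->download($fullPath);
    }
}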
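// Compliant: the included file is chosen from a fixed allowlist, so the
// route parameter never reaches the filesystem as a free-form path fragment.
Route::get('/items/{item}', function ($item) {
    $allowed_files = ['file1.php', 'file2.php'];
    // strict comparison so the allowlist match is an exact string match
    if (in_array($item, $allowed_files, true)) {
        include_once(storage_path('includes/' . $item));
    } else {
        abort(404);
    }
    $result = DB::table('posts')->where('query', '=', 'value')->get();
    return view('user.index', ['result' => $result]);
});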
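// Compliant: same allowlist approach for the GET/POST route; only a listed
// file name is ever passed to include_once().
Route::match(['get', 'post'], '/items/{item}', function ($item) {
    $allowed_files = ['file1.php', 'file2.php'];
    // strict comparison so the allowlist match is an exact string match
    if (in_array($item, $allowed_files, true)) {
        include_once(storage_path('includes/' . $item));
    } else {
        abort(404);
    }
    $result = DB::table('posts')->where('query', '=', 'value')->get();
    return view('user.index', ['result' => $result]);
});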
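/**
 * Compliant: the storage directory is taken from a fixed allowlist, so
 * request input never becomes a path fragment.
 */
class Bar {
    /**
     * Run the rest of the pipeline, then store the uploaded file in the
     * folder named by the `col` input if that name is allowlisted.
     *
     * Responds 403 for a folder that is not on the allowlist and 400 when
     * the request carries no `file` upload.
     */
    function handle($request, Closure $next) {
        $response = $next($request);
        $folder = sanitize($request->input('col'));
        // strict comparison so the allowlist match is an exact string match
        if (!in_array($folder, ['allowed_folder1', 'allowed_folder2'], true)) {
            abort(403);
        }
        $upload = $request->file('file');
        if ($upload === null) {
            abort(400); // nothing to store
        }
        $upload->store($folder);
        return $response;
    }

    /**
     * Store the uploaded file under an allowlisted name and hand the stored
     * path to process().
     *
     * Responds 403 for a name that is not on the allowlist and 400 when the
     * request carries no `file` upload.
     */
    function getInfo(Request $request) {
        $name = sanitize($request->input('name'));
        $remote = $request->file('file');
        // strict comparison so the allowlist match is an exact string match
        if (!in_array($name, ['allowed_name1', 'allowed_name2'], true)) {
            abort(403);
        }
        if ($remote === null) {
            abort(400); // nothing to store
        }
        $source = $remote->store($name);
        return process($source);
    }
}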