Path Traversal Vulnerability
Description
The application builds a file name or path dynamically. When any part of that path comes from user input (a query parameter, form field, header, or uploaded file name), an attacker can add `..` segments or an absolute path to escape the intended directory and read sensitive files, access other users' data, or write files that aid further exploitation of the system.
Examples
Insecure Code

```csharp
using System.IO;

// The file name is taken as-is from the request. A "..\" prefix walks out of
// the working directory, so the caller chooses where the file is written.
string userFilename = "..\\test.txt";
File.WriteAllText(userFilename, "Hello World");
```

Secure Code

```csharp
using System;
using System.IO;

// basePath ends with a separator so that a sibling directory such as
// "C:\\RestrictedOther\\" cannot pass the prefix check below.
string basePath = "C:\\Restricted\\";
// The user-supplied name is replaced with a server-generated value, and the
// result is canonicalised with GetFullPath so any ".." segments are collapsed
// before it is compared against the base directory.
string fullPath = Path.GetFullPath(basePath + Guid.NewGuid());
if (!fullPath.StartsWith(basePath))
{
    Console.WriteLine("Invalid path specified!");
    return;
}
File.WriteAllText(fullPath, "Hello World");
```

Remediation
Validate user input against an allow-list of expected formats (for example a plain file name with a known extension and no directory separators) rather than trying to strip `..` sequences. Where the application does not need the user's name at all, replace it with a server-generated value such as a GUID or a hash and keep the mapping server-side. In every case, resolve the final path with `System.IO.Path.GetFullPath` and confirm that the resolved path still starts with the canonical base directory before touching the file system. Two details matter for that check: the base directory must end with a directory separator, otherwise `C:\Restricted` also matches `C:\RestrictedOther\...`, and `Path.Combine` discards the base entirely when the second argument is rooted (`C:\x` or `\x`), so the containment check must run on the output of `GetFullPath`, not on the inputs.
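The following is an added example, not code from this rule page: it packages the resolve-then-check pattern into a reusable method and pairs it with an allow-list variant, then runs both over constructed inputs that cover the cases discussed above (a `..` prefix, a `..` after a legitimate subdirectory, a rooted path that makes `Path.Combine` drop the base, and a drive-relative `\` path). It assumes .NET 5 or later running on Windows; the `SafePath` class, the `AllowedName` pattern and the sample inputs are this example's own choices.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

// Added example (not part of the original rule page). Assumes .NET 5+ on Windows.
public static class SafePath
{
    // Allow-list for the strict variant: a bare file name, no separators, one of
    // a few extensions. The pattern is this example's own assumption about what
    // the application expects to receive.
    private static readonly Regex AllowedName =
        new Regex(@"^[A-Za-z0-9_-]{1,64}\.(txt|csv|json)$", RegexOptions.CultureInvariant);

    // Returns the absolute path when userInput resolves inside baseDir, else null.
    public static string? ResolveWithinBase(string baseDir, string userInput)
    {
        // Canonicalise the base and force a trailing separator so that
        // "C:\Restricted" is not a prefix of "C:\RestrictedOther\...".
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar))
            root += Path.DirectorySeparatorChar;

        // Path.Combine returns userInput unchanged when it is rooted, so the base
        // may already be gone here; GetFullPath then collapses any ".." segments.
        // The containment check below is therefore done on the resolved result.
        string candidate = Path.GetFullPath(Path.Combine(root, userInput));

        // Windows file names are case-insensitive; compare the prefix the same way.
        StringComparison cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return candidate.StartsWith(root, cmp) ? candidate : null;
    }

    // Stricter variant: the name must match the allow-list before it is resolved,
    // which also rules out subdirectories the caller never intended to expose.
    public static string? ResolveAllowListed(string baseDir, string fileName)
    {
        if (!AllowedName.IsMatch(fileName))
            return null;
        return ResolveWithinBase(baseDir, fileName);
    }

    public static void Main()
    {
        string baseDir = @"C:\Restricted\";
        // Constructed inputs for the demonstration.
        string[] inputs =
        {
            "report.txt",              // accepted by both checks
            @"sub\report.txt",         // inside the base, but not a bare file name
            @"..\test.txt",            // climbs out of the base
            @"sub\..\..\secrets.txt",  // climbs out after a legitimate subdirectory
            @"C:\Windows\win.ini",     // rooted: Path.Combine drops baseDir
            @"\Windows\win.ini",       // drive-relative root, also escapes
        };

        foreach (string input in inputs)
        {
            string within = ResolveWithinBase(baseDir, input) ?? "REJECTED";
            string strict = ResolveAllowListed(baseDir, input) ?? "REJECTED";
            Console.WriteLine($"{input,-26} within-base: {within,-34} allow-list: {strict}");
        }
    }
}
```

Running `Main` shows only `report.txt` passing both checks and `sub\report.txt` passing the containment check alone; the remaining four inputs resolve outside `C:\Restricted\` and are rejected. Note that `Path.GetFullPath` normalises the string only: it does not follow symbolic links or directory junctions, so if untrusted users can create links inside the base directory, an additional check on the opened file's real location is still needed.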
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0457 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-22 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, file system |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |