# Path Traversal Vulnerability

## Description
The application builds a file name or path dynamically from data that originates in user input. If that input is not validated, an attacker can steer the path outside the intended directory to read sensitive files, access other users' data, or obtain information that aids further compromise of the system.
## Examples

### Insecure Code

```java
// The raw request parameter becomes the file path with no validation,
// so ".." segments in the input can address files outside the intended directory.
String userFileName = request.getParameter("filename");
File file = new File(userFileName);
```

### Secure Code

```java
// UserData is an application-specific wrapper that validates the raw parameter
UserData userData = new UserData(request.getParameter("filename"));
Path basePath = Paths.get("/var/app/restricted");
// normalize() collapses any ".." segments so the containment check cannot be bypassed
Path fullPath = basePath.resolve(userData.getFileName()).normalize();
if (!fullPath.startsWith(basePath)) {
    throw new IllegalArgumentException("resolved path escapes the base directory");
}
```

## Remediation
Validate user input against a whitelist of permitted characters or names and reject anything containing path traversal sequences or directory separators. Alternatively, hash the user input or replace it with a server-generated unique value so the raw string never becomes a path component. Use `Path.resolve` against a fixed base directory, then validate the resolved path (a resolve on its own performs no validation) before carrying out any file operation.
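The following class is an added worked example of the remediation described above; it is not code from the original rule page. It shows both strategies side by side: an allowlist on the file name followed by `resolve`, `normalize` and a containment check against the base directory, and an alternative that never uses the user string as a path component but derives an opaque SHA-256 hex name from it instead. The class name `SafeFileResolver`, the allowlist pattern, the base directory and the sample inputs in `main` are all constructed for the demonstration and should be adapted to the application's real naming rules.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Pattern;

public final class SafeFileResolver {
    // Allowlist (assumed naming rule for this example): one file name made of letters,
    // digits, '_', '-' and '.', at most 128 characters, not starting with '.', and
    // containing no path separators. Anything else is rejected outright.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9_.-]{0,127}");

    private final Path base;

    public SafeFileResolver(Path base) {
        // Canonical form of the base so that startsWith() compares like with like
        this.base = base.toAbsolutePath().normalize();
    }

    /** Strategy 1: allowlist the name, then resolve, normalize and confirm containment. */
    public Path resolve(String userSupplied) {
        if (userSupplied == null || !SAFE_NAME.matcher(userSupplied).matches()) {
            throw new IllegalArgumentException("file name rejected by allowlist");
        }
        Path candidate = base.resolve(userSupplied).normalize();
        // Defence in depth: even with the allowlist, verify the resolved path stays under base
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("resolved path escapes base directory");
        }
        return candidate;
    }

    /** Strategy 2: never use the user string as a path component; derive an opaque name. */
    public Path resolveByDigest(String userSupplied) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(userSupplied.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            // A lowercase hex string contains no separators or dots, so it cannot traverse
            return base.resolve(hex.toString());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    public static void main(String[] args) {
        SafeFileResolver resolver = new SafeFileResolver(Paths.get("/var/app/restricted"));
        // Constructed sample inputs: one legitimate name and three that must be rejected
        String[] inputs = {"report.txt", "../../etc/passwd", ".hidden", "sub/file.txt"};
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + resolver.resolve(in));
            } catch (IllegalArgumentException e) {
                System.out.println(in + " -> rejected (" + e.getMessage() + ")");
            }
            System.out.println(in + " -> digest path " + resolver.resolveByDigest(in));
        }
    }
}
```

Running `main` shows `report.txt` resolving under `/var/app/restricted` while the other three inputs are rejected by the allowlist before any path is built; the digest variant produces a fixed-length hex name for every input, so the same user string always maps to the same file without ever influencing the directory. Keep the `startsWith` check even when an allowlist is in place: it costs nothing and protects against a future relaxation of the pattern.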
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0712 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-22 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, file inclusion |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |