Path Traversal Vulnerability
Description
A file is opened to read its content. The filename comes from an input parameter. If an unfiltered parameter is passed to this file API, files from an arbitrary filesystem location could be read.
Examples
Insecure Code

```scala
import java.io.File
import org.apache.commons.io.FilenameUtils

// The filename is taken verbatim from the request.
val filename = request.getParameter("filename")
// normalize() collapses "." and ".." segments but does not confine the result
// to any directory, so "../../etc/passwd" still resolves outside the intended location.
val file = new File(FilenameUtils.normalize(filename))
```

Secure Code

```scala
import java.io.File
import org.apache.commons.io.FilenameUtils

val allowedExtensions = List("txt", "pdf")
val filename = request.getParameter("filename")
// The extension check restricts the file type; the normalized path must still be
// confined to the expected directory (see Remediation).
if (allowedExtensions.contains(FilenameUtils.getExtension(filename))) {
  val file = new File(FilenameUtils.normalize(filename))
} else {
  // handle error: reject the request rather than falling back to a default file
}
```

Remediation
Validate and sanitize the input parameter before using it to build a file path. Use a whitelist approach that only allows specific, expected file paths, and confirm that the resolved path stays inside the intended base directory; an extension check alone does not stop `..` sequences from escaping it.
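The following is an added example of the remediation described above, not code from the original rule page. It assumes a base directory of `/var/app/uploads` (a constructed value) and uses only `java.nio.file` so it needs no third-party dependency; it resolves the user-supplied name against the base, normalizes it, checks containment component-wise, and only then applies the extension allowlist.

```scala
import java.nio.file.{Path, Paths}

object SafeFileAccess {
  // Assumed base directory that user-supplied names are confined to (constructed for this example).
  val baseDir: Path = Paths.get("/var/app/uploads").toAbsolutePath.normalize()
  val allowedExtensions: Set[String] = Set("txt", "pdf")

  /** Returns the resolved path only if it stays inside baseDir and has an allowed extension. */
  def resolveSafely(filename: String): Option[Path] = {
    // A NUL byte can truncate the name in native file APIs, so reject it outright.
    if (filename.isEmpty || filename.indexOf('\u0000') >= 0) return None

    // Resolve relative to the base and collapse "." / ".." segments.
    // An absolute input replaces the base entirely; the containment check below catches that.
    val candidate = baseDir.resolve(filename).normalize()

    // Component-wise prefix check: "/var/app/uploads2" does not start with "/var/app/uploads".
    if (!candidate.startsWith(baseDir) || candidate == baseDir) return None

    // Take the extension from the final component only, after normalization.
    val name = candidate.getFileName.toString
    val ext = name.lastIndexOf('.') match {
      case -1 => ""
      case i  => name.substring(i + 1).toLowerCase
    }
    if (allowedExtensions.contains(ext)) Some(candidate) else None
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs: the first two should be accepted, the rest rejected.
    val inputs = Seq(
      "report.pdf",
      "2024/notes.txt",
      "../../etc/passwd",       // traversal out of baseDir
      "../../etc/passwd.txt",   // traversal with an allowed extension
      "/etc/hosts",             // absolute path replaces the base
      "image.png",              // extension not allowed
      "report.pdf\u0000.exe"    // embedded NUL
    )
    inputs.foreach { in =>
      println(f"${in.replace("\u0000", "\\0")}%-24s -> ${resolveSafely(in)}")
    }
  }
}
```

If the base directory may contain symbolic links, call `toRealPath()` on the candidate (once the file is known to exist) and repeat the `startsWith` check on the real path, since `normalize()` operates on the string form only.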
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0037 |
| Category | AccessControl |
| Severity | MEDIUM |
| CWE | CWE-22 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, file inclusion |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |