Path Traversal Vulnerability
Description
A file is opened to read its contents, and the filename comes from an input parameter. If that parameter reaches the file API unfiltered, a caller can read files from arbitrary locations on the filesystem.
Examples
Insecure Code

```scala
def readFile(filename: String) = {
  // The caller-controlled name is used as-is, so "../../etc/passwd" or an
  // absolute path escapes any intended directory.
  val file = new java.io.File(filename)
  // ...
}
```

Secure Code

```scala
// getName comes from Apache Commons IO (org.apache.commons.io), not java.io.
import org.apache.commons.io.FilenameUtils

def readFile(filename: String) = {
  val basePath = "/allowed/directory/"
  // Keep only the last path segment, discarding any directory components
  // (and therefore any ".." sequences) supplied by the caller.
  val fileName = FilenameUtils.getName(filename)
  val file = new java.io.File(basePath + fileName)
  // ...
}
```

Remediation
Validate and sanitize the input parameter to prevent path traversal attacks. Use a whitelist approach to only allow access to specific directories and files.
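The remediation above, carried through as an added example that is not code from the original page: the untrusted name is reduced to its final path segment, resolved against a fixed base directory, normalised, and then checked to still lie under that base before the file is opened. The base directory, the `SafeFileRead` object and the `resolveSafely` helper are assumptions introduced here; the example uses only `java.nio.file` so it needs no third-party library.

```scala
import java.nio.file.{Files, Path, Paths}

object SafeFileRead {
  // Assumed allowed root; in a real service this comes from configuration.
  private val basePath: Path =
    Paths.get("/allowed/directory").toAbsolutePath.normalize()

  // Map an untrusted name to a path inside basePath, or None if it cannot
  // be made safe. Every rejection reason is explicit so it can be logged.
  def resolveSafely(untrusted: String): Option[Path] = {
    // Keep only the last segment: "../../etc/passwd" becomes "passwd".
    val nameOnly = Paths.get(untrusted).getFileName
    if (nameOnly == null) return None            // "/" has no file name
    val n = nameOnly.toString
    if (n.isEmpty || n == "." || n == "..") return None

    val candidate = basePath.resolve(nameOnly).normalize()
    // Defence in depth: after stripping directories the result must still be
    // under basePath. If basePath may contain symlinks, compare
    // candidate.toRealPath() against basePath.toRealPath() instead.
    if (candidate.startsWith(basePath)) Some(candidate) else None
  }

  // Safe counterpart of the page's readFile: refuses anything that does not
  // resolve to a regular file inside the allowed directory.
  def readFile(filename: String): Either[String, String] =
    resolveSafely(filename) match {
      case None =>
        Left(s"rejected: '$filename' does not name a file inside $basePath")
      case Some(p) if !Files.isRegularFile(p) =>
        Left(s"rejected: $p is not a regular file")
      case Some(p) =>
        Right(new String(Files.readAllBytes(p), "UTF-8"))
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs: one benign name, two traversal attempts, two edge cases.
    Seq("report.txt", "../../etc/passwd", "/etc/passwd", "..", "").foreach { in =>
      println(f"$in%-20s -> ${resolveSafely(in)}")
    }
  }
}
```

Note that stripping to the last segment means `../../etc/passwd` is not an error but simply maps to `/allowed/directory/passwd`; if the application would rather reject such input outright, check for a separator in the raw parameter before calling `resolveSafely`.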
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0050 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-22 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | path traversal, file inclusion |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |