checkmarx: Stored Absolute Path Traversal for Files.readAllBytes and Files.readAllLines


I catch "Stored Absolute Path Traversal" for 2 operations in my Java code:

 byte[] buffer = Files.readAllBytes(dir);
 List<String> lines = Files.readAllLines(dir);

Argument dir is created as follows:

 Path dir = Paths.get(Paths.get(base, parts).normalize().toString().replace(" ", "_"));

So I tried to sanitize the path creation by normalizing it and replacing space characters, but this does not work.

Also I tried to apply File(path).getCanonicalPath():

 String canonicalPath;
 String path = Paths.get(base, parts)
     .normalize()
     .toString().replace(" ", "_");
 try {
     canonicalPath = new File(path).getCanonicalPath();
 } catch (Exception e) {
     throw new RuntimeException(e);
 }

But with the same effect.



Dhandu Prem Kumar
  1. Use the File.getCanonicalPath method to resolve any symbolic links, relative paths, or redundant components in the parts parameter.
  2. Use the File.getAbsolutePath method to get the absolute path of the base parameter.
lrmrt

You can try this function to sanitize the path:

private static String sanitizePathTraversal(String filename) {
 Path p = Paths.get(filename);
 return p.getFileName().toString();
}

It worked in my case.

Add this function and modify your code like this:

canonicalPath = new File(sanitizePathTraversal(path)).getCanonicalPath();
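Added example (not code from the question or either answer): the check both answers leave implicit is that the resolved path must still start with the base directory. Normalizing or canonicalizing only rewrites ".." segments; it does not reject a path that climbs above base. The helper below, with an assumed class name SafeFileRead and an assumed base directory created in a temp folder, does the containment check before calling Files.readAllBytes, and keeps subdirectories under base rather than stripping the path to its file name.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class SafeFileRead {

    // Resolves parts against base and returns the result only if, after
    // normalisation and symlink resolution, it still lies inside base.
    // normalize() alone (as in the question) rewrites "..", but it does not
    // reject a path that climbs above base; the startsWith check does that.
    static Path resolveUnderBase(Path base, String... parts) throws IOException {
        Path realBase = base.toRealPath();                 // canonical base directory
        Path candidate = Paths.get(realBase.toString(), parts).normalize();

        if (!candidate.startsWith(realBase)) {             // lexical containment check
            throw new SecurityException("path escapes base: " + candidate);
        }
        if (Files.exists(candidate)) {                     // a symlink inside base may point outside
            Path real = candidate.toRealPath();
            if (!real.startsWith(realBase)) {
                throw new SecurityException("symlink escapes base: " + real);
            }
            return real;
        }
        return candidate;
    }

    static byte[] readUnderBase(Path base, String... parts) throws IOException {
        return Files.readAllBytes(resolveUnderBase(base, parts));
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");  // constructed sample base directory
        Files.write(base.resolve("ok.txt"), "hello".getBytes());
        System.out.println(new String(readUnderBase(base, "ok.txt")));
        try {
            readUnderBase(base, "..", "escaped.txt");      // climbs above base, must be rejected
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```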