Partial path traversal vulnerability
org.openrewrite.java.security.PartialPathTraversalVulnerability
_Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.

To demonstrate this vulnerability, consider `"/usr/outnot".startsWith("/usr/out")`. The check passes although `/usr/outnot` is not under the `/usr/out` directory. It is important to understand that the terminating slash may be removed by the various `String` representations of a `File` object, so appending a separator to the parent path is not a reliable repair of the string comparison. For example, on Linux, `println(new File("/var"))` prints `/var`, and `println(new File("/var", "/"))` prints `/var/`; however, `println(new File("/var", "/").getCanonicalPath())` prints `/var`._
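As an added example (written for this page, not code from the OpenRewrite recipe or its documentation), the following program runs the string-prefix check the recipe flags, a common manual "append a separator" repair, and the `Path`-based check the recipe emits against the same candidates. The base directory `out`, its sibling `outnot`, and the candidate file names are constructed for the demonstration; they live under a fresh temporary directory so canonicalisation works on any platform.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not part of the OpenRewrite recipe. Directory and file
// names below are constructed for illustration only.
public class PartialPathTraversalDemo {

    // The pattern the recipe flags: a character-level prefix test on the
    // canonical path strings. "/base/out" is a string prefix of
    // "/base/outnot", so a sibling whose name merely begins with the base
    // name slips through.
    static boolean vulnerableIsUnder(File parent, File candidate) throws IOException {
        return candidate.getCanonicalPath().startsWith(parent.getCanonicalPath());
    }

    // A tempting manual repair: append the separator to the parent. It stops
    // the sibling bypass, but getCanonicalPath() never returns a trailing
    // separator, so the base directory itself is now rejected.
    static boolean slashSuffixIsUnder(File parent, File candidate) throws IOException {
        return candidate.getCanonicalPath()
                .startsWith(parent.getCanonicalPath() + File.separator);
    }

    // The replacement the recipe emits: Path.startsWith compares whole name
    // elements, so "outnot" is never a prefix of "out", and a path is still
    // considered to start with itself.
    static boolean hardenedIsUnder(File parent, File candidate) throws IOException {
        return candidate.getCanonicalFile().toPath()
                .startsWith(parent.getCanonicalFile().toPath());
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("partial-traversal-demo");
        File out = new File(tmp.toFile(), "out");        // the allowed base directory
        File outnot = new File(tmp.toFile(), "outnot");  // a sibling sharing the prefix

        File[] candidates = {
            new File(out, "report.txt"),            // legitimately inside the base
            out,                                    // the base directory itself
            new File(outnot, "secret.txt"),         // sibling: partial path traversal
            new File(out, "../outnot/secret.txt"),  // ".." resolves into the sibling
            new File(out, "../../etc/passwd")       // escapes the base entirely
        };

        Path realTmp = tmp.toRealPath();
        System.out.printf("%-28s %-8s %-8s %-8s%n", "canonical (relative to tmp)", "string", "slash", "path");
        for (File candidate : candidates) {
            Path shown = realTmp.relativize(candidate.getCanonicalFile().toPath());
            System.out.printf("%-28s %-8b %-8b %-8b%n",
                    shown,
                    vulnerableIsUnder(out, candidate),
                    slashSuffixIsUnder(out, candidate),
                    hardenedIsUnder(out, candidate));
        }
    }
}
```

Running it shows the string check accepting both `outnot/secret.txt` and `out/../outnot/secret.txt` (the `..` is resolved by `getCanonicalPath()` before the prefix comparison, so the result is the same sibling bypass), while the separator-suffixed variant rejects the base directory itself. Only the `Path`-based form accepts exactly the base directory and its descendants, which is why the recipe rewrites to that shape rather than patching the string comparison.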
Tags
CWE-22
Recipe source
GitHub, Issue Tracker, Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-java-security
version: 2.5.2
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on `org.openrewrite.recipe:rewrite-java-security:2.5.2` in your build file, or by running a shell command (in which case no build changes are needed).

Add the recipe dependency to your build.gradle file and activate `org.openrewrite.java.security.PartialPathTraversalVulnerability` there, then run `gradle rewriteRun` to apply the recipe.
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Leitschuh, Knut Wannheden, Patrick, Jonathan Schnéider