Partial path traversal vulnerability

org.openrewrite.java.security.PartialPathTraversalVulnerability

_Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()).

To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var._

Recipe source

GitHub, Issue Tracker, Maven Central

groupId: org.openrewrite.recipe
artifactId: rewrite-java-security
version: 2.5.2

Usage

This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-java-security:2.5.2 in your build file or by running a shell command (in which case no build changes are needed):

Add the following to your build.gradle file:

build.gradle

plugins {
    id("org.openrewrite.rewrite") version("6.11.2")
}

rewrite {
    activeRecipe("org.openrewrite.java.security.PartialPathTraversalVulnerability")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-security:2.5.2")
}

Run gradle rewriteRun to run the recipe.

Create a file named init.gradle in the root of your project.

init.gradle

initscript {
    repositories {
        maven { url "https://plugins.gradle.org/m2" }
    }
    dependencies { classpath("org.openrewrite:plugin:6.11.2") }
}
rootProject {
    plugins.apply(org.openrewrite.gradle.RewritePlugin)
    dependencies {
        rewrite("org.openrewrite.recipe:rewrite-java-security:2.5.2")
    }
    rewrite {
        activeRecipe("org.openrewrite.java.security.PartialPathTraversalVulnerability")
    }
    afterEvaluate {
        if (repositories.isEmpty()) {
            repositories {
                mavenCentral()
            }
        }
    }
}

Run gradle --init-script init.gradle rewriteRun to run the recipe.

Add the following to your pom.xml file:

pom.xml

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.27.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.security.PartialPathTraversalVulnerability</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-java-security</artifactId>
            <version>2.5.2</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

Run mvn rewrite:run to run the recipe.

shell

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-security:RELEASE -Drewrite.activeRecipes=org.openrewrite.java.security.PartialPathTraversalVulnerability

You will need to have configured the Moderne CLI on your machine before you can run the following command.

shell

mod run . --recipe PartialPathTraversalVulnerability

See how this recipe works across multiple open-source repositories

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Contributors

Jonathan Leitschuh, Knut Wannheden, Patrick, Jonathan Schnéider

PreviousJava security best practices NextRegular Expression Denial of Service (ReDOS)

Last updated 19 days ago

Tags

Recipe source

Usage

See how this recipe works across multiple open-source repositories

Contributors