GithubJoin us on SlackJoin us on Discord
Search…
Introduction to OpenRewrite
Getting Started
Quickstart: Maven and Gradle
Recipe Development Environment
Tutorials & Guides
Recipe Testing
Common Static Analysis Issue Remediation
Automatically Fix Checkstyle Violations
Migrate to Java 11 from Java 8
Migrate to JUnit 5 from JUnit 4
Migrate to Spring Boot 2 from Spring Boot 1
Migrate to Quarkus 2 from Quarkus 1
Migrate to Micronaut 3 from Micronaut 2
Migrate to SLF4J from Log4j
Use SLF4J Parameterized Logging
Writing a Java Refactoring Recipe
Modifying Methods with JavaTemplate
Refactoring with Declarative YAML Recipes
Automating Maven Dependency Management
Running Rewrite without build tool plugins
Writing recipes over multiple source file types
Reference
Latest versions of every OpenRewrite module
Maven Plugin Configuration
Gradle Plugin Configuration
JsonPath and JsonPathMatcher Reference
Declarative YAML Format
Method Patterns
Dependency Version Selectors
Recipes
Delete files
Find files
Rename a file
Set File Permission Attributes
Gradle
Hcl
Java
Add ASLv2 license header
Add license header
Add or update annotation attribute
Change method access level
Change method name
Change method target to static
Change method target to variable
Change static field access to static method access
Change type
Delete method argument
Demonstrate rendering of recipe exceptions
Order imports
Randomize tree IDs
Remove annotation
Remove interface implementations
Remove static import
Remove unused imports
Rename package name
Reorder method arguments
Replace constant with literal value
Simplify a call chain
Transform calls to Objects.isNull(..) and Objects.nonNull(..)
Update source positions
Use static import
Uses @RewriteSkip annotation
Cleanup
Format
JHipster
Logging
Micronaut
Modernize
OpenRewrite best practices
Quarkus
Search
Security
Find text-direction changes
Java security best practices
Partial path traversal vulnerability
Secure random
SecureRandom seeds are not constant or predictable
Use Files#createTempDirectory
Use secure temporary file creation
XML parser XXE vulnerability
Zip slip
Marshalling
Search
Spring
Spring
Testing
JSON
Maven
Properties
XML
YAML
CircleCI
Concourse
Github Actions
Kubernetes
Terraform
Concepts & Explanations
Abstract Syntax Trees
Recipes
Visitors
Styles
Environment
Markers
JavaTemplate
Pointcut Expressions
Design Partners
Design Partner 1
Powered By GitBook
Partial path traversal vulnerability
** org.openrewrite.java.security.PartialPathTraversalVulnerability** _Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()).
To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var._

Tags

  • CWE-22

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-java-security
  • version: 1.14.1

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-java-security:1.14.1 in your build file:
Gradle
Maven
build.gradle
plugins {
id("org.openrewrite.rewrite") version("5.26.1")
}
​
rewrite {
activeRecipe("org.openrewrite.java.security.PartialPathTraversalVulnerability")
}
​
repositories {
mavenCentral()
}
​
dependencies {
rewrite("org.openrewrite.recipe:rewrite-java-security:1.14.1")
}
pom.xml
<project>
<build>
<plugins>
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>4.31.1</version>
<configuration>
<activeRecipes>
<recipe>org.openrewrite.java.security.PartialPathTraversalVulnerability</recipe>
</activeRecipes>
</configuration>
<dependencies>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-java-security</artifactId>
<version>1.14.1</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.java.security.PartialPathTraversalVulnerability
Previous
Java security best practices
Next
Secure random
Last modified 13h ago
Export as PDF
Copy link
Outline
Tags
Source
Usage