==== Canonical path validation

The universal way to avoid filesystem oracle vulnerabilities is to validate paths constructed from untrusted data:

1. Ensure the target directory path ends with a forward slash to prevent partial path traversal (see the "Pitfalls" section).
2. Resolve the canonical path of the file by using methods like `{canonicalization_function}`. This will resolve relative paths or path components like `../` and remove any ambiguity regarding the file's location.
3. Check that the canonical path is within the directory where the file should be located.

*Important Note*: The order of this process pattern is important. The code must follow this order exactly to be secure by design:

1. `data = transform(user_input);`
2. `data = normalize(data);`
3. `data = sanitize(data);`
4. `use(data);`

:tnsu_talk: https://www.youtube.com/watch?v=V-DdcKADnFk

As pointed out in {tnsu_talk}[this SonarSource talk], failure to follow this exact order leads to security vulnerabilities.
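The three steps and the transform, normalize, sanitize, use order, as an added example in Python that is not part of the original page: `resolve_in_base` implements the hardened check, and `naive_is_inside` shows what happens when step 1 (the trailing separator) is skipped, so the partial path traversal pitfall is visible side by side. The base directory `/var/app/uploads` and the sample inputs are constructed for this demonstration; `os.path.realpath` stands in for `{canonicalization_function}`.

```python
import os

# Constructed for this example: the directory untrusted file names must stay inside.
BASE_DIR = "/var/app/uploads"


def naive_is_inside(user_path: str, base_dir: str = BASE_DIR) -> bool:
    """Insecure variant: step 1 skipped, so the prefix check has no trailing separator.

    '/var/app/uploads_evil/x' starts with '/var/app/uploads' and passes (partial traversal).
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    return candidate.startswith(base)


def resolve_in_base(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Return the canonical path for user_path, or raise ValueError if it escapes base_dir.

    Order is transform -> normalize -> sanitize -> use: build the path from the
    untrusted input, canonicalize it, check it, then hand back only the checked string.
    """
    # Step 1: canonical base directory with a trailing separator, so only real
    # descendants (not sibling directories sharing a prefix) can match.
    base = os.path.realpath(base_dir)
    if not base.endswith(os.sep):
        base += os.sep
    # Transform: build the candidate from the untrusted input. An absolute
    # user_path discards base here; step 3 then rejects it.
    joined = os.path.join(base, user_path)
    # Step 2 (normalize): resolve '.', '..' and symbolic links.
    candidate = os.path.realpath(joined)
    # Step 3 (sanitize): the canonical path must lie under the canonical base.
    if not candidate.startswith(base):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_inside(user_path: str, base_dir: str = BASE_DIR) -> bool:
    """Boolean wrapper around resolve_in_base (the 'use' step would open the result)."""
    try:
        resolve_in_base(user_path, base_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for p in ("reports/q1.pdf", "../../etc/passwd", "../uploads_evil/secret.txt", "/etc/hosts"):
        print(f"{p!r:32} naive={naive_is_inside(p)!s:6} checked={is_inside(p)}")
```

Because both the base and the candidate pass through the same canonicalization, the comparison stays valid even when part of the base path is itself a symbolic link.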