==== Canonical path validation

If it is impossible to use secure-by-design APIs that do this automatically, the universal way to prevent path injection is to validate paths constructed from untrusted data:

1. Ensure the target directory path ends with a forward slash (the platform's directory separator) to prevent partial path traversal: for example, `/base/dirmalicious` starts with `/base/dir` but does not start with `/base/dir/`.
2. Resolve the canonical path of the file by using methods like `{canonicalization_function}`. This resolves relative path components such as `.` and `../` and removes any ambiguity regarding the file's actual location.
3. Check that the canonical path is within the directory where the file should be located.
*Important Note*: The order of this process pattern is important. The code must follow this order exactly to be secure by design:

1. `data = transform(user_input);`
2. `data = normalize(data);`
3. `data = sanitize(data);`
4. `use(data);`

Sanitizing before normalizing is bypassable: an encoded or otherwise non-canonical form of a rejected sequence (for example a percent-encoded `..`) passes the check and only takes its dangerous form afterwards, when nothing checks it anymore.

:tnsu_talk: https://www.youtube.com/watch?v=V-DdcKADnFk

As pointed out in {tnsu_talk}[this SonarSource talk], failure to follow this exact order leads to security vulnerabilities.
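The three validation steps and the transform/normalize/sanitize/use ordering above, as an added Python example (it is not part of this rule description nor SonarSource code): `safe_path` applies the steps in the prescribed order, with `os.path.realpath` standing in for `{canonicalization_function}`, and `unsafe_path` runs the same steps with sanitize before normalize to show how a percent-encoded `..` slips past it. The base directory `/srv/app/uploads`, the helper names and the probe inputs are constructed for illustration; the example assumes a POSIX filesystem.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed base directory for the example. It need not exist on disk:
# os.path.realpath still canonicalizes non-existent paths lexically.
BASE_DIR = "/srv/app/uploads"


def canonical_base(base_dir: str) -> str:
    """Step 1: canonical base directory with a trailing separator.

    Without the trailing separator, "/srv/app/uploads-evil/x.txt" would pass
    a prefix check against "/srv/app/uploads" (partial path traversal).
    """
    base = os.path.realpath(base_dir)
    return base if base.endswith(os.sep) else base + os.sep


def canonicalize(base_dir: str, relative_path: str) -> str:
    """Step 2: resolve the candidate file to its canonical absolute path.

    realpath collapses ".", "..", repeated separators and symbolic links, so
    the result says where the file really is, however the input spelled it.
    """
    return os.path.realpath(os.path.join(base_dir, relative_path))


def is_inside(base_dir: str, canonical_path: str) -> bool:
    """Step 3: the canonical path must sit below the base directory."""
    return canonical_path.startswith(canonical_base(base_dir))


def safe_path(base_dir: str, user_input: str) -> Optional[str]:
    """transform -> normalize -> sanitize -> use, in that order.

    Returns the canonical path to use, or None when the input escapes base_dir.
    """
    data = unquote(user_input)           # 1. transform: undo percent-encoding
    data = canonicalize(base_dir, data)  # 2. normalize: canonical location
    if not is_inside(base_dir, data):    # 3. sanitize: validate the location
        return None
    return data                          # 4. use


def unsafe_path(base_dir: str, user_input: str) -> Optional[str]:
    """The same steps with sanitize before normalize: bypassable.

    The ".." check runs on still-encoded data, so "%2e%2e" is never seen; by
    the time unquote() produces "..", the only check has already passed.
    """
    if ".." in user_input:               # sanitize too early
        return None
    data = unquote(user_input)           # normalize after the check
    return os.path.realpath(os.path.join(base_dir, data))  # use


if __name__ == "__main__":
    # Constructed probes: a benign path, a partial-traversal attempt,
    # a plain traversal and the same traversal percent-encoded.
    for probe in ("reports/2024/q1.pdf", "../uploads-evil/x.txt",
                  "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{probe!r:38} safe={safe_path(BASE_DIR, probe)!r}"
              f"  unsafe={unsafe_path(BASE_DIR, probe)!r}")
```

Running the block prints one line per probe: `safe_path` accepts only the benign path, while `unsafe_path` rejects the literal `../../../etc/passwd` but happily returns `/etc/passwd` for its percent-encoded form. Note that the check is on the resolved location, not on the presence of `..`: `reports/../q1.pdf` still resolves inside the base directory and is accepted.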