Unsanitized User Input in File Path Traversal

Overview

  • Rule ID: javascript_express_path_traversal

  • Applicable Languages: JavaScript

  • Weakness ID: CWE-73

Description

Using unsanitized user input to construct file paths can allow attackers to access files and directories beyond the intended limits. This vulnerability, known as path traversal, poses a significant security risk.

Remediation Guidelines

  • Do not directly use user input in file path construction. This can lead to unauthorized file access.

  • Do sanitize user input before using it in path resolution. Replace or remove dangerous patterns like ..\.. to prevent directory traversal attacks.

    // Strips leading "../" or "..\" segments from the user-supplied value
    var sanitizedPath = userInput.replace(/^(\.\.(\/|\\|$))+/, '');
    
  • Do check for and eliminate any instances of the poison NULL byte (%00) in user input, as it can be used to bypass path sanitization.

    if (userInput.indexOf('\0') !== -1) {
      // Handle or reject the input
    }
    
  • Do validate the final path to ensure it is within the intended scope before accessing the file system.
