asked on

file.writealltext path traversal vulnerability as per fortify scan ..error CWE 022

hello experts,

in my code that got fortify scanned, there was a line file.writealltext(pathparam, strdata)...where pathparam is a combination of filename and current directory set somewhere above in the code. This line came under scanner advising to correct the break. I tried using a small method to validate the pathparam value by wrapping the pathparam value inside getfullpath method and if correctly returned used the same in file writealltext.Stilk the vulnerability exists. Kindly advise best way to fix this, if possible by a sample code. Many Thanks.

Alfredo Luis Torres Serrano

Directory Traversal or Path Traversal is an HTTP exploit that allows an attacker to access restricted files, directories and commands that reside outside the web server’s root directory. It is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.

These kind of attacks are commonly performed using web browsers.

pathparam variable contains "..\ ..\ ..\test" . thus pathparam variable is something like "..\ ..\ test_DATA_DATA.pdf" . When you try to create that file with writealltext(pathparam) function. That may lead to create this file at out out directory.

For mitigate you can replace backslash with empty too ( ..%2f..%2f is encoded form of ..\ ..\ ! please, consider this too ) . Fortify can mark this codes as a vulnerable again but this time it will be false positive.

Hope this helps

Devildib

ASKER

can you please provide a smaple..say two liner tonshow how encoding would hapoen and how to use the encoded value in place of the pathparam?

Devildib

ASKER

also to mention...its a c# windows application that i am working upon

ASKER CERTIFIED SOLUTION

Alfredo Luis Torres Serrano

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial