Avatar of Devildib
 asked on

file.writealltext path traversal vulnerability as per fortify scan ..error CWE 022

hello experts,

in my code that got fortify scanned, there was a line file.writealltext(pathparam, strdata)...where pathparam is a combination of filename and current directory set somewhere above in the code. This line came under scanner advising to correct the break. I tried using a small method to validate the pathparam value by wrapping the pathparam value inside getfullpath method and if correctly returned used the same in file writealltext.Stilk the vulnerability exists. Kindly advise best way to fix this, if possible by a sample code. Many Thanks.
.NET ProgrammingC#

Avatar of undefined
Last Comment
Alfredo Luis Torres Serrano

8/22/2022 - Mon
Alfredo Luis Torres Serrano

Directory Traversal or Path Traversal is an HTTP exploit that allows an attacker to access restricted files, directories and commands that reside outside the web server’s root directory. It is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.

These kind of attacks are commonly performed using web browsers.

pathparam variable contains "..\ ..\ ..\test" . thus pathparam variable is something like "..\ ..\ test_DATA_DATA.pdf" . When you try to create that file with writealltext(pathparam) function. That may lead to create this file at out out directory.

For mitigate you can replace backslash with empty too ( ..%2f..%2f is encoded form of ..\ ..\ ! please, consider this too ) . Fortify can mark this codes as a vulnerable again but this time it will be false positive.

Hope this helps

can you please provide a smaple..say two liner tonshow how encoding would hapoen and how to use the encoded value in place of the pathparam?

also to mention...its a c# windows application that i am working upon
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Alfredo Luis Torres Serrano

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question