gitlab.find_sec_bugs.FILE_UPLOAD_FILENAME-1
The filename provided by the FileUpload API can be tampered with by the client to reference unauthorized files. The provided filename should be validated to ensure it is properly structured, contains no unauthorized path characters (e.g., / or \), and refers to an authorized file.
Definition
rules:
  - id: find_sec_bugs.FILE_UPLOAD_FILENAME-1
    patterns:
      - pattern-inside: |
          $FUNC(..., HttpServletRequest $REQ, ... ) {
            ...
            $FILES = (ServletFileUpload $SFU).parseRequest($REQ);
            ...
          }
      - pattern-inside: |
          for(FileItem $ITEM : $FILES) {
            ...
          }
      - pattern: $ITEM.getName()
    message: >
      The filename provided by the FileUpload API can be tampered with by the
      client to reference unauthorized files. The provided filename should be
      properly validated to ensure it's properly structured, contains no
      unauthorized path characters (e.g., / \), and refers to an authorized
      file.
    languages:
      - java
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
      technology:
        - java
      primary_identifier: find_sec_bugs.FILE_UPLOAD_FILENAME-1
      secondary_identifiers:
        - name: Find Security Bugs-FILE_UPLOAD_FILENAME
          type: find_sec_bugs_type
          value: FILE_UPLOAD_FILENAME
      license: MIT
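As an added illustration (not code from this rule page or from the Find Security Bugs project), the handler shape the rule matches, shown beside a hardened variant that reduces the client-supplied name to a validated base name and re-checks the resolved path. The upload root path, the allow-list regex, and the class and method names are assumptions.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

public class UploadHandler {
    // Assumed upload root; a real application takes this from configuration.
    private static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads").toAbsolutePath().normalize();
    // Assumed allow-list: a plain base name, no separators, no leading dot, bounded length.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,99}");

    // The shape the rule flags: $ITEM.getName() flows straight into a file path.
    public void storeUnsafe(HttpServletRequest req) throws Exception {
        List<FileItem> files = new ServletFileUpload(new DiskFileItemFactory()).parseRequest(req);
        for (FileItem item : files) {
            if (item.isFormField()) continue;
            // A name containing separators or ".." resolves outside the upload directory.
            item.write(UPLOAD_ROOT.resolve(item.getName()).toFile());
        }
    }

    // Hardened form: validate the name, then confirm the destination is a direct child of the root.
    public void storeSafe(HttpServletRequest req) throws Exception {
        List<FileItem> files = new ServletFileUpload(new DiskFileItemFactory()).parseRequest(req);
        for (FileItem item : files) {
            if (item.isFormField()) continue;
            item.write(safeDestination(item.getName()).toFile());
        }
    }

    static Path safeDestination(String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty()) throw new IOException("missing filename");
        // Some browsers send a full client-side path; keep only the last segment,
        // treating both '/' and '\' as separators regardless of the server platform.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        if (!SAFE_NAME.matcher(base).matches()) throw new IOException("rejected filename");
        // Defence in depth: even a valid base name must land directly under UPLOAD_ROOT.
        Path dest = UPLOAD_ROOT.resolve(base).normalize();
        if (!UPLOAD_ROOT.equals(dest.getParent())) throw new IOException("path escapes upload directory");
        return dest;
    }
}
```

Note that `Path.resolve` returns the argument unchanged when it is absolute, so the unsafe variant also accepts a fully qualified client name; the allow-list in `safeDestination` rejects that case before resolution.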
Short Link: https://sg.run/5Z9l