gitlab.find_sec_bugs.PATH_TRAVERSAL_IN-1

unknown
Download Count*
MIT
License

A file is opened to read its content. The filename comes from an input parameter. If an unfiltered parameter is passed to this file API, files from an arbitrary filesystem location could be read. This rule identifies potential path traversal vulnerabilities. In many cases, the constructed file path cannot be controlled by the user.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: find_sec_bugs.PATH_TRAVERSAL_IN-1
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-inside: |
              $FUNC(String[] $ARGS) {
                ...
              }
          - pattern: $ARGS[$IDX]
      - patterns:
          - pattern-inside: |
              $FUNC(..., String $VAR, ...) {
                ...
              }
          - pattern: $VAR
    pattern-sanitizers:
      - pattern: org.apache.commons.io.FilenameUtils.getName(...)
    pattern-sinks:
      - patterns:
          - pattern-inside: |
              $U = new java.net.URI($VAR)
          - pattern-either:
              - pattern-inside: new java.io.File($U)
              - pattern-inside: java.nio.file.Paths.get($U)
          - pattern: $VAR
      - patterns:
          - pattern-inside: new java.io.RandomAccessFile($INPUT,...)
          - pattern: $INPUT
      - pattern: new java.io.FileReader(...)
      - pattern: new javax.activation.FileDataSource(...)
      - pattern: new java.io.FileInputStream(...)
      - patterns:
          - pattern-either:
              - pattern-inside: new java.io.File(...,(String $VAR), ...)
              - pattern-inside: java.nio.file.Paths.get(...,(String $VAR),...)
              - pattern-inside: java.io.File.createTempFile(...,(String $VAR), ...)
              - pattern-inside: java.io.File.createTempDirectory(...,(String $VAR),...)
              - pattern-inside: java.nio.file.Files.createTempFile(..., (String $VAR), ...)
              - pattern-inside: java.nio.file.Files.createTempDirectory(..., (String $VAR), ...)
          - pattern: $VAR
    message: >
      A file is opened to read its content. The filename comes from an input
      parameter. If an

      unfiltered parameter is passed to this file API, files from an arbitrary filesystem location

      could be read. This rule identifies potential path traversal vulnerabilities. In many cases,

      the constructed file path cannot be controlled by the user.
    languages:
      - java
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
        Traversal')"
      technology:
        - java
      primary_identifier: find_sec_bugs.PATH_TRAVERSAL_IN-1
      secondary_identifiers:
        - name: Find Security Bugs-PATH_TRAVERSAL_IN
          type: find_sec_bugs_type
          value: PATH_TRAVERSAL_IN
      license: MIT