SonarQube Java path traversal attack

Thread starter: Vito Karleone (Guest)
I have a method for deleting files. I use SonarQube for static analysis of my code.

The method code:

Code:
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

private static void removeFile(MyClass someValue) {
    // Both path components come from someValue, which Sonar treats as possibly user-controlled.
    Path filePath = Paths.get(someValue.getRootFolderPath(), someValue.getRelativePath());

    if (!Files.exists(filePath)) {
        // Concatenate so the path actually appears in the message (the original passed it as a stray argument).
        LOG.warn("File does not exist: " + filePath.toAbsolutePath());
        return;
    }

    try {
        // Delete the resolved path itself. filePath.getFileName() is only the last
        // component and would be resolved against the working directory instead.
        Files.delete(filePath);
        LOG.debug("File " + someValue.getRelativePath() + " was deleted");
    } catch (IOException e) {
        String excMessage = "some info";
        LOG.warn(excMessage, e);
    }
}

Sonar says:

java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path; reads a file whose location might be specified by user input

I added a call to the normalize method to prevent path traversal attacks.

Code:
Path filePath = Paths.get(someValue.getRootFolderPath(), someValue.getRelativePath()).normalize();

But Sonar still warns me about potential path traversal vulnerabilities.

Am I doing something wrong, or is there a better solution for preventing this type of attack that will satisfy Sonar?

UPD: I have tried a lot of ways of solving this problem, and all of them are reported as wrong by static analysis.

Vulnerable Code:

Code:
Path filePath = Paths.get(FilenameUtils.getName(someValue.getFileName()));
Path filePath = Paths.get("some/path", FilenameUtils.getName(someValue.getFileName()));
Path filePath = Paths.get("some/path", FilenameUtils.getName(fileName));
Path filePath = Paths.get(FilenameUtils.getName(fileName));
File file = new File(someValue.getRootFolderPath(), someValue.getRelativePath());
File file = new File(someValue.getRootFolderPath(), FilenameUtils.getName(someValue.getFileName()));
File file = new File(FilenameUtils.getPath(someValue.getRootFolderPath()), FilenameUtils.getName(someValue.getFileName()));
File file = new File("some/path", FilenameUtils.getName(fileName));
File file = new File(FilenameUtils.getName(fileName));
File file = new File(FilenameUtils.getName("bla-bla-bla"));
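The check the post is missing, as an added example that is not part of the original post or of SonarQube's own code: `normalize()` on its own does not prevent traversal, it only collapses `..` segments, so `Paths.get("/var/app/data", "../../etc/passwd").normalize()` is the perfectly clean path `/var/etc/passwd`, which is outside the intended root. The defense is to canonicalize the trusted base directory once, resolve and normalize the untrusted relative path against it, and then require that the result has the base as a component-wise prefix (`Path.startsWith`, not `String.startsWith`). The class and method names below (`SafeFileRemover`, `resolveInside`, `removeFile`) are assumptions made for this example; the sample files are constructed in a temporary directory. Requires Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example, not the poster's code. Confines a user-supplied relative
 * path to a fixed base directory before the filesystem is touched.
 * The names SafeFileRemover, resolveInside and removeFile are assumptions.
 */
public final class SafeFileRemover {

    private final Path base;

    public SafeFileRemover(Path baseDir) throws IOException {
        // Canonicalize the trusted base once: absolute, normalized, symlinks
        // resolved. toRealPath() throws if the directory does not exist.
        this.base = baseDir.toRealPath();
    }

    /**
     * Returns the confined absolute path, or throws if the input escapes the
     * base directory. This is the check normalize() alone does not give you:
     * "../../etc/passwd" normalizes cleanly to a path outside base.
     */
    Path resolveInside(String untrustedRelative) {
        if (untrustedRelative == null || untrustedRelative.isEmpty()) {
            throw new IllegalArgumentException("empty path");
        }
        Path relative = Paths.get(untrustedRelative);
        // An absolute argument would make resolve() discard the base entirely.
        if (relative.isAbsolute()) {
            throw new IllegalArgumentException("absolute path not allowed: " + untrustedRelative);
        }
        // normalize() collapses "." and ".." so the prefix test below is meaningful.
        Path candidate = base.resolve(relative).normalize();
        // Path.startsWith compares whole components, so "/data2/x" does not pass
        // for base "/data" (a String prefix check would). Refuse the base itself too.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + untrustedRelative);
        }
        return candidate;
    }

    /** Deletes the confined file; returns true if something was deleted. */
    public boolean removeFile(String untrustedRelative) throws IOException {
        Path target = resolveInside(untrustedRelative);
        // Files.delete on a symlink removes the link, not its target, so a link
        // inside base that points outside cannot delete the outside file. For
        // read or write sinks, additionally check target.toRealPath().startsWith(base).
        return Files.deleteIfExists(target);
    }

    // Demo on constructed sample data in a temporary directory.
    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("safe-remove-demo");
        Path base = Files.createDirectories(tmp.resolve("data"));
        Path outside = Files.writeString(tmp.resolve("outside.txt"), "keep me");
        Files.createDirectories(base.resolve("sub"));
        Files.writeString(base.resolve("sub/victim.txt"), "delete me");

        SafeFileRemover remover = new SafeFileRemover(base);

        // Legitimate relative path inside the base: deleted.
        System.out.println("sub/victim.txt deleted: " + remover.removeFile("sub/victim.txt"));

        // Traversal, absolute path and the base directory itself: all rejected.
        String[] attacks = {"../outside.txt", "sub/../../outside.txt", outside.toString(), "."};
        for (String attack : attacks) {
            try {
                remover.removeFile(attack);
                System.out.println("UNEXPECTED: accepted " + attack);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("outside.txt still exists: " + Files.exists(outside));
    }
}
```

Two practical notes. First, a taint-tracking rule reports the sink (`Paths.get`, `new File`) whenever data it considers user-controlled reaches it; whether a given check is recognized as a sanitizer depends on the analyzer's rule configuration, so a correct check may still be reported. Keep the confinement in one small method like `resolveInside` so the finding can be reviewed and, if the tool still does not accept it, marked as a false positive with that method as the justification. Second, `FilenameUtils.getName` is a legitimate defense only when the input is supposed to be a bare file name, because it discards every directory component; it is not a substitute for the prefix check when a relative path with subdirectories is expected, as in the original `getRelativePath()`.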