Typescript External Control Of Filename
Description
Detects when file or path names in Express.js applications are controlled by external input without proper validation. This vulnerability could allow attackers to access or manipulate files outside the intended directory through path traversal attacks, potentially exposing sensitive information or modifying critical files.
Detection Strategy
• Identifies file operations where the filename or path is derived from user-controlled input (e.g., request parameters, query strings, or form data)
• Checks if the file path or name is used in file system operations without proper validation or sanitization
• Reports issues when file operations use variables that can be influenced by external user input
• Examines Express.js route handlers and middleware for unsafe file access patterns
• Flags file operations where path components are concatenated with user input without path normalization
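As an added illustration of the strategy above (my own toy, not Fluid Attacks' analyzer, which models data flow far more thoroughly), the following JavaScript walks a handler line by line, marks variables assigned from `req.query`/`req.params`/`req.body` as tainted, and reports any `fs` call whose arguments mention a tainted variable or a request property directly. The function name `findTaintedFileOps`, the sanitizer list and the two sample snippets are constructed for this example; the vulnerable snippet mirrors the page's handler.

```javascript
// Added example: a minimal intra-procedural taint check for Express file operations.
// It is deliberately simplistic (no branches, no function calls, no objects) and
// exists only to show the source -> variable -> sink reasoning the rule performs.

// Sources: request properties an attacker controls.
const SOURCE_RE = /\breq\.(query|params|body|headers|cookies)\b/;
// Sinks: fs calls whose path argument matters. The capture stops at the first ')'
// so the callback body is not scanned.
const FS_SINK_RE = /\bfs\.(rename|readFile|writeFile|appendFile|unlink|createReadStream|createWriteStream|readFileSync|writeFileSync|renameSync|unlinkSync)\s*\(([^)]*)/;
// Assignments of the form `const name = <expr>;`
const ASSIGN_RE = /^\s*(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(.+?);?\s*$/;
// Calls this toy treats as breaking taint: the result no longer depends on the client name.
const SANITIZER_RE = /\bcrypto\.(randomBytes|randomUUID)\s*\(/;

// True if `text` refers to the identifier `name` as a whole word.
function mentions(name, text) {
  return new RegExp(`\\b${name.replace(/\$/g, '\\$')}\\b`).test(text);
}

// Returns one finding per fs call that receives user-influenced data.
function findTaintedFileOps(source) {
  const tainted = new Set();
  const findings = [];
  source.split('\n').forEach((line, i) => {
    const a = ASSIGN_RE.exec(line);
    if (a) {
      const [, name, rhs] = a;
      const fromUser = SOURCE_RE.test(rhs) || [...tainted].some((t) => mentions(t, rhs));
      if (fromUser && !SANITIZER_RE.test(rhs)) tainted.add(name);
      else tainted.delete(name); // reassignment from a clean expression clears taint
    }
    const s = FS_SINK_RE.exec(line);
    if (s) {
      const args = s[2];
      if (SOURCE_RE.test(args) || [...tainted].some((t) => mentions(t, args))) {
        findings.push({ line: i + 1, sink: `fs.${s[1]}`, code: line.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input: the body of the page's vulnerable handler.
const VULNERABLE_SNIPPET = [
  "const sourceFile = '/tmp/upload.txt';",
  "const targetPath = './files/' + req.query.filename;",
  "fs.rename(sourceFile, targetPath, (err) => {});",
].join('\n');

// Constructed sample input: a handler that never lets the client choose the name.
const SAFE_SNIPPET = [
  "const sourceFile = '/tmp/upload.txt';",
  "const safeName = crypto.randomBytes(16).toString('hex');",
  "const targetPath = path.join(FILES_DIR, safeName);",
  "fs.rename(sourceFile, targetPath, (err) => {});",
].join('\n');

console.log(findTaintedFileOps(VULNERABLE_SNIPPET)); // one finding on line 3 (fs.rename)
console.log(findTaintedFileOps(SAFE_SNIPPET));       // []
```

The check only follows taint through straight-line assignments; anything more (string building across branches, helper functions, `path.join` with a tainted segment) needs a real data-flow analysis, which is the reason a rule like this one lives in a dedicated scanner rather than a lint regex.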
Vulnerable code example
const express = require('express');
const fs = require('fs');
const app = express();

app.post('/save', (req, res) => {
  const sourceFile = '/tmp/upload.txt';
  const targetPath = './files/' + req.query.filename; // Vulnerable: User input directly in path
  fs.rename(sourceFile, targetPath, (err) => {
    if (err) return res.status(500).send('Could not save file');
    res.send('File saved');
  });
});

✅ Secure code example
const express = require('express');
const fs = require('fs');
const path = require('path');
const crypto = require('crypto');
const app = express();
app.post('/save', (req, res) => {
  const sourceFile = '/tmp/upload.txt';
  ...