
Elixir Write Path Traversal

Description

This detector identifies path traversal vulnerabilities in Elixir file write operations. It finds cases where user-controlled input flows to file system write functions without proper sanitization, allowing attackers to write files outside intended directories by using relative path sequences like "../".

Weakness: 270 - Insecure functionality - File Creation

Category: Functionality Abuse

Detection Strategy

    Identifies function calls that perform file write operations (matching known file sink patterns)

    Extracts the destination parameter from the file write function call

    Traces data flow from the destination parameter backwards to determine if it originates from user input

    Reports a vulnerability when user-controlled data reaches a file write operation without proper path sanitization

Vulnerable code example

defmodule PathTraversalController do
  import Plug.Conn

  def vulnerable_write(conn) do
    filename = conn.params["filename"]

    # VULNERABLE: User-controlled filename reaches File.write!/2 without path validation,
    # so a value such as "../../etc/cron.d/job" escapes the uploads/ directory
    File.write!("uploads/" <> filename, "content")
    conn
  end
end

✅ Secure code example

defmodule PathTraversalController do
  import Plug.Conn

  @base_dir "uploads"

  def vulnerable_write(conn) do
    filename = conn.params["filename"]
    ...
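The following is an added example of the containment check the detector expects before a write, not the detector's own secure sample: it resolves the user-supplied name against a fixed base directory and rejects any result that lands outside it. The module name, function names and the "uploads" base directory are assumptions.

```elixir
defmodule SafeUploadPath do
  @moduledoc """
  Resolves a user-supplied filename against a fixed base directory and
  refuses any result that escapes it (added example, not the detector's code).
  """

  # Absolutized once at compile time; assumed base directory.
  @base_dir Path.expand("uploads")

  @doc "Returns {:ok, absolute_path} or {:error, reason}."
  def resolve(filename) when is_binary(filename) do
    # Path.expand/2 collapses "." and ".." segments and absolutizes the
    # result, so "../etc/passwd" resolves to a path above @base_dir and an
    # absolute input like "/etc/passwd" ignores the base entirely.
    candidate = Path.expand(filename, @base_dir)

    # Require the candidate to sit strictly inside @base_dir. The trailing
    # separator stops "uploads_evil/x" from passing a prefix check on "uploads".
    if String.starts_with?(candidate, @base_dir <> "/") do
      {:ok, candidate}
    else
      {:error, :path_traversal}
    end
  end

  # conn.params["filename"] may be nil or a non-string; reject rather than crash.
  def resolve(_other), do: {:error, :invalid_filename}

  @doc "Writes content only when the resolved path is inside the base directory."
  def write(filename, content) do
    with {:ok, path} <- resolve(filename) do
      File.mkdir_p!(Path.dirname(path))
      File.write(path, content)
    end
  end
end

# Constructed sample inputs (not from the page); each match raises if the check misbehaves.
{:ok, _} = SafeUploadPath.resolve("report.txt")
{:ok, _} = SafeUploadPath.resolve("2024/report.txt")
{:error, :path_traversal} = SafeUploadPath.resolve("../../etc/passwd")
{:error, :path_traversal} = SafeUploadPath.resolve("/etc/passwd")
{:error, :path_traversal} = SafeUploadPath.resolve("")
{:error, :invalid_filename} = SafeUploadPath.resolve(nil)
```

The check is purely lexical: a symbolic link already present under the base directory can still point elsewhere, so the directory should not be writable by untrusted processes and symlinks there deserve their own check.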