Elixir Untrusted Input Path Traversal

Description

This detector identifies path traversal vulnerabilities in Elixir code where untrusted user input is used in file operations without proper sanitization. Attackers can exploit this to access files outside the intended directory by using path sequences like "../" to traverse up the directory structure.

Weakness:

063 - Lack of data validation - Path Traversal

Category: Unexpected Injection

Detection Strategy

    The scanner examines function calls that perform file operations (such as File.read, File.write, Path.expand, etc.)

    It identifies the path parameter being passed to these file operation functions

    The scanner traces the data flow of the path parameter backwards to determine its source

    A vulnerability is reported when the path parameter originates from user-controlled input (HTTP requests, form data, URL parameters, etc.) and there is no sanitization or validation applied to prevent directory traversal sequences like '../'

Vulnerable code example

defmodule PathTraversalExample do
  import Plug.Conn

  def vulnerable_read(conn) do
    # conn.params["file"] is attacker-controlled: a value such as
    # "../../../etc/passwd" walks out of whatever directory the
    # application intended to serve from.
    filename = conn.params["file"]
    # VULNERABLE: User input directly passed to File.read - allows path traversal
    File.read(filename)
  end
end

✅ Secure code example

defmodule PathTraversalExample do
  import Plug.Conn

  @base_dir "priv/static/uploads"

  def vulnerable_read(conn) do
    filename = 
      conn.params["file"]...
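The following is an added example, not the scanner's code or the original page's, showing one way to satisfy the detection strategy above: the untrusted name is resolved against a fixed base directory and the resolved path is checked to lie inside it, rather than stripping "../" from the string. The module name `SafeFileRead`, the function names and the `@base_dir` value are assumptions chosen for illustration; the input shape mirrors a Plug `conn` with a `params` map.

```elixir
defmodule SafeFileRead do
  @moduledoc """
  Added example (not the scanner's or the page's own code). Reads a file
  named by untrusted input only if it resolves inside a fixed base directory.
  """

  # Hypothetical upload directory; adjust to the application's layout.
  @base_dir "priv/static/uploads"

  @doc """
  Returns {:ok, contents} for a file inside @base_dir, {:error, :invalid_path}
  for any name that resolves outside it, or {:error, reason} from File.read/1.
  """
  def read_upload(%{params: %{"file" => name}}) when is_binary(name) do
    case safe_path(name) do
      {:ok, path} -> File.read(path)
      :error -> {:error, :invalid_path}
    end
  end

  def read_upload(_conn), do: {:error, :invalid_path}

  # Canonicalise both sides, then require the resolved path to sit strictly
  # under the base directory. Path.expand/2 collapses "..", "." and repeated
  # separators, resolves "~", and ignores the base when the input is absolute,
  # so "a/../../etc/passwd", "/etc/passwd" and "~/.ssh/id_rsa" are all rejected.
  # This is a containment check, not a blacklist: string-stripping "../" is
  # bypassed by inputs like "....//", but those resolve outside base here too.
  def safe_path(name) when is_binary(name) do
    base = Path.expand(@base_dir)
    full = Path.expand(name, base)

    cond do
      # NUL bytes can truncate the path at the OS boundary; never pass them on.
      String.contains?(name, <<0>>) -> :error
      # The base directory itself is not a file the caller may read.
      full == base -> :error
      # Require the separator so "uploads_private" does not match "uploads".
      String.starts_with?(full, base <> "/") -> {:ok, full}
      true -> :error
    end
  end

  def safe_path(_), do: :error
end

# Usage (constructed inputs):
#   SafeFileRead.safe_path("report.pdf")          #=> {:ok, ".../priv/static/uploads/report.pdf"}
#   SafeFileRead.safe_path("../../etc/passwd")    #=> :error
#   SafeFileRead.safe_path("/etc/passwd")         #=> :error
#   SafeFileRead.safe_path("....//config.exs")    #=> :error
#   SafeFileRead.read_upload(%{params: %{"file" => "../../etc/passwd"}})  #=> {:error, :invalid_path}
```

The check is lexical: it decides on the canonical path string, not on what the filesystem does with it. A symbolic link placed inside the base directory that points outside it would still be followed by `File.read/1`, so directories that accept uploads should not allow attackers to create links, or the application should additionally refuse to read through symlinks. Keeping the base directory fixed in code (not derived from the request) is what makes the prefix comparison meaningful.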