TypeScript Zip Slip Path Traversal
Description
Detects Zip Slip vulnerabilities where untrusted archive files could exploit path traversal sequences to write files outside the intended extraction directory. This vulnerability occurs when file paths from archive entries are not properly sanitized before being used with file system operations like createWriteStream.
Detection Strategy
• Identifies file system write operations using createWriteStream method calls
• Checks if the path parameter passed to createWriteStream comes from an untrusted source like archive file entries
• Reports a vulnerability when file paths are not properly validated or sanitized before being used in write operations
• Focuses on scenarios where archive extraction could allow writing files to arbitrary locations on the filesystem
Vulnerable code example
const AdmZip = require('adm-zip');
const fs = require('fs');
function extractZip(zipPath) {
  const zip = new AdmZip(zipPath);
  const entries = zip.getEntries();
  entries.forEach(entry => {...
✅ Secure code example
const AdmZip = require('adm-zip');
const fs = require('fs');
const path = require('path');
function extractZip(zipPath, targetDir) {
  const zip = new AdmZip(zipPath);
  const entries = zip.getEntries();
...
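Added example, not part of the original page or of Fluid Attacks' rule: one way to validate an archive entry's path before it reaches createWriteStream, run over constructed entry names. The function names and the /srv/out directory are assumptions; the naive helper is included to show why a plain prefix test is not enough.

```javascript
const path = require('path');

// Naive check often seen in extraction code: string prefix on the joined path.
// It accepts a sibling directory such as "<root>-evil" because the prefix matches.
function naiveIsInside(targetDir, entryName) {
  const root = path.resolve(targetDir);
  return path.resolve(root, entryName).startsWith(root);
}

// Hardened check: returns the absolute destination for an untrusted entry
// name, or null when it would resolve outside targetDir (or onto it).
function resolveEntryPath(targetDir, entryName) {
  const root = path.resolve(targetDir);
  // Archives built on Windows may use "\" as a separator; treat it as one on every host.
  const dest = path.resolve(root, entryName.replace(/\\/g, '/'));
  // path.relative is separator-aware, unlike a string prefix comparison.
  const rel = path.relative(root, dest);
  const escapes = rel === '' || rel === '..' ||
    rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : dest;
}

// Split entry names into those safe to write and those to refuse.
function planExtraction(targetDir, entryNames) {
  const plan = { write: [], rejected: [] };
  for (const name of entryNames) {
    const dest = resolveEntryPath(targetDir, name);
    if (dest === null) plan.rejected.push(name);
    else plan.write.push({ name, dest });
  }
  return plan;
}

// Constructed entry names (not taken from a real archive).
const SAMPLE_ENTRIES = [
  'docs/readme.txt',        // ordinary nested file
  'a/../b.txt',             // ".." that stays inside the root
  '../../outside.txt',      // climbs out of the root
  '/abs/outside.txt',       // absolute path ignores the root
  '..\\..\\outside.txt',    // Windows-style separators
  '../out-evil/x.txt',      // sibling directory sharing the root's prefix
];

console.log(planExtraction('/srv/out', SAMPLE_ENTRIES));
```

The check is lexical: it does not follow symbolic links that already exist under the target directory.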