Python Send File Path Traversal
Description
Detects potential path traversal vulnerabilities in Python applications that call Flask's send_file() with a path built from user-controlled input. send_file() serves whatever path it is handed and does not confine it to a base directory, so a request parameter containing ../ sequences (or an absolute path) can reach files outside the intended directory and let an attacker read sensitive files elsewhere on the server filesystem.
Detection Strategy
• Find calls to send_file() in the application code
• Determine whether the path argument passed to send_file() is built from user-controlled input (request parameters, form fields, headers, and so on)
• Check whether that input is validated, or the resulting path confined to the intended directory, before it reaches send_file()
• Report a vulnerability when user input can influence the file path and no such sanitization or validation is in place
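As an added worked example (not code from this page or from Fluid Attacks' scanner), the detection steps above implemented as a small AST scanner. It reads a constructed sample source, tracks local names assigned from `request.args`, `request.form` and similar attributes, and flags every `send_file()` call whose path argument derives from them, whether through an f-string, concatenation, `os.path.join()` or a method call. It covers finding the calls, tracing the input and reporting; judging whether an intervening check is sufficient is left to review, so a handler that only tests for `'..'` would still be reported as a candidate. The sample source and the attribute lists are assumptions made for the example.

```python
import ast

# Constructed sample source for the scanner to read (not code from the page):
# one handler builds the path from request data, one uses a constant path,
# one goes through send_from_directory instead of send_file.
SAMPLE_SOURCE = '''
from flask import request, send_file, send_from_directory

def serve_file():
    user_file = request.args.get('file')
    return send_file(f"data/{user_file}")

def serve_report():
    return send_file("reports/summary.pdf")

def serve_safe():
    name = request.args.get('file')
    return send_from_directory("data", name)
'''

# Attributes of flask.request that carry attacker-controlled data.
REQUEST_SOURCES = {"args", "form", "values", "json", "files", "headers", "cookies", "data"}

# Keyword names of the path parameter to send_file (Flask 2.x and 1.x respectively).
PATH_KEYWORDS = {"path_or_file", "filename_or_fp"}


def is_tainted(node, tainted_names):
    """Conservatively decide whether an expression may contain request data."""
    if isinstance(node, ast.Name):
        return node.id in tainted_names
    if isinstance(node, ast.Attribute):
        if isinstance(node.value, ast.Name) and node.value.id == "request":
            return node.attr in REQUEST_SOURCES
        return is_tainted(node.value, tainted_names)
    if isinstance(node, ast.Call):
        # request.args.get('file'), user_file.strip(), os.path.join("data", user_file), ...
        return is_tainted(node.func, tainted_names) or any(
            is_tainted(arg, tainted_names) for arg in node.args
        )
    if isinstance(node, ast.JoinedStr):
        # f"data/{user_file}"
        return any(
            is_tainted(part.value, tainted_names)
            for part in node.values
            if isinstance(part, ast.FormattedValue)
        )
    if isinstance(node, ast.BinOp):
        # "data/" + user_file, "data/%s" % user_file
        return is_tainted(node.left, tainted_names) or is_tainted(node.right, tainted_names)
    if isinstance(node, ast.Subscript):
        # request.args['file']
        return is_tainted(node.value, tainted_names)
    return False


class SendFileScanner(ast.NodeVisitor):
    """Flags send_file() calls whose path argument derives from request data."""

    def __init__(self):
        self.findings = []      # (line number, enclosing function name)
        self._tainted = set()   # local names assigned from request data
        self._func = None

    def visit_FunctionDef(self, node):
        saved = (self._tainted, self._func)
        self._tainted, self._func = set(), node.name
        self.generic_visit(node)
        self._tainted, self._func = saved

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Assign(self, node):
        # Propagate taint: x = <expression containing request data>
        if is_tainted(node.value, self._tainted):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    self._tainted.add(target.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        callee = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if callee == "send_file":
            path_args = list(node.args[:1]) + [
                kw.value for kw in node.keywords if kw.arg in PATH_KEYWORDS
            ]
            if any(is_tainted(arg, self._tainted) for arg in path_args):
                self.findings.append((node.lineno, self._func))
        self.generic_visit(node)


def scan(source):
    """Return [(line, function)] for every send_file() whose path comes from request data."""
    scanner = SendFileScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


if __name__ == "__main__":
    for line, func in scan(SAMPLE_SOURCE):
        print(f"line {line}: send_file() in {func}() uses a user-controlled path")
```

Run against the constructed sample, only `serve_file()` is reported: the constant path in `serve_report()` carries no taint, and `serve_safe()` does not call `send_file()` at all. Taint tracking here is per function and does not follow data across function boundaries or through containers, which is enough for the handler shape shown on this page but is a limit to keep in mind on larger code bases.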
Vulnerable code example
from flask import request, send_file

def serve_file():
    user_file = request.args.get('file')
    # Vulnerable: the query parameter is concatenated into the path unchecked,
    # so ?file=../../etc/passwd resolves outside data/ and send_file() serves it
    return send_file(f"data/{user_file}")
✅ Secure code example
from flask import request, send_from_directory
import os.path

def serve_file():
    user_file = request.args.get('file')
    if not user_file or '..' in user_file:
        return "Invalid file", 400
...
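The secure example above is cut off. As an added example (not the page's code), here is the containment check a practitioner would want behind such a handler: resolve the candidate path with os.path.realpath and require that it stays under the base directory. It is stricter than the `'..' in user_file` test on its own, which does not reject absolute paths or symlinks inside the directory that point outside it. The directory layout, file names and traversal attempts in demo() are constructed for the example.

```python
import os
import tempfile


def resolve_within(base_dir, user_file):
    """Return the real path of user_file inside base_dir, or None if it escapes.

    Rejects empty names, absolute paths, '..' traversal and symlinks that
    point outside base_dir, because the comparison is made on the resolved
    path rather than on the raw string the client sent.
    """
    if not user_file or os.path.isabs(user_file):
        return None
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_file))
    # commonpath compares whole components, so with base 'data' a candidate
    # under 'data2/' fails here, where a plain startswith() prefix test would pass.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def demo():
    """Exercise the check on a constructed layout; returns {attempt: verdict was as expected}."""
    root = tempfile.mkdtemp()                      # constructed scratch tree
    data = os.path.join(root, "data")
    os.makedirs(data)
    with open(os.path.join(data, "report.txt"), "w") as fh:
        fh.write("ok\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("outside data/\n")

    attempts = {
        "report.txt": True,            # ordinary file inside data/
        "../secret.txt": False,        # classic traversal
        "sub/../../secret.txt": False, # traversal through a non-existent component
        "/etc/passwd": False,          # absolute path
        "": False,                     # missing parameter
    }
    try:
        # a symlink inside data/ pointing at a file outside it: no '..' in the
        # name, yet the resolved path escapes the directory
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(data, "link.txt"))
        attempts["link.txt"] = False
    except OSError:
        pass  # platform without symlink support; skip that case

    return {
        name: (resolve_within(data, name) is not None) == expected
        for name, expected in attempts.items()
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r:24} handled as expected: {ok}")
```

In the Flask handler, call resolve_within("data", user_file), return 400 on None and pass the returned path to send_file(). Flask's send_from_directory() performs a similar lexical containment check through werkzeug's safe_join and is the simpler choice for regular files inside one directory; it does not resolve symlinks, which is the case the realpath-based check above is there to catch.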