TypeScript Path Traversal Vulnerability Express
Description
Detects path traversal vulnerabilities in Express.js applications where user-controlled input can be used to access files outside the intended directory structure. This vulnerability could allow attackers to read or access sensitive files on the server filesystem by using path traversal sequences like '../'.
Detection Strategy
• Identifies Express.js route handlers and middleware functions that handle file operations
• Checks if user-provided path parameters or query strings are used directly in file system operations without proper sanitization
• Flags cases where path parameters could contain directory traversal sequences that access files outside intended directories
• Reports issues when file paths are constructed using user input without validation or path normalization
Vulnerable code example
const express = require('express');
const fs = require('fs');
const app = express();
app.post('/files', (req, res) => {
const sourceFile = '/tmp/upload.txt';
const fileName = req.body.name; // Attacker-controlled input
// VULN: Path traversal possible via unvalidated fileName in path...
Secure code example
const express = require('express');
const fs = require('fs');
const path = require('path');
const crypto = require('crypto');
const app = express();
app.post('/files', (req, res) => {
const sourceFile = '/tmp/upload.txt';...
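The validation and normalization step that the detection strategy expects before a file system call can be written as a containment check. This is an added example, not code from this page or from Fluid Attacks; `resolveInside`, `UPLOAD_ROOT` and the sample names are hypothetical.

```javascript
'use strict';
const path = require('path');

// Hypothetical upload root for this example; not a path from the original page.
const UPLOAD_ROOT = '/srv/uploads';

// Resolve a client-supplied name under baseDir. Returns the absolute path,
// or null when the result would fall outside baseDir.
function resolveInside(baseDir, userName) {
  // Reject non-strings (e.g. an array from a parsed body), empty names and NUL bytes.
  if (typeof userName !== 'string' || userName === '' || userName.includes('\0')) {
    return null;
  }
  const root = path.resolve(baseDir);
  // path.resolve collapses '.' and '..' segments. An absolute userName
  // replaces root entirely, which the containment check below catches.
  const candidate = path.resolve(root, userName);
  // Compare by relative path instead of candidate.startsWith(root), so a
  // sibling directory such as /srv/uploads-old does not count as "inside".
  const rel = path.relative(root, candidate);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // rel === '' means the name resolved to the root directory itself.
  if (rel === '' || escapes) {
    return null;
  }
  return candidate;
}

// Constructed sample inputs, as they might arrive in req.body.name.
function demo() {
  const samples = [
    'report.txt',            // plain file name
    'a/../b.txt',            // normalizes to a path that stays inside the root
    '../../etc/passwd',      // relative traversal
    '/etc/passwd',           // absolute path
    '../uploads-old/x.txt',  // sibling directory sharing the root's prefix
    '..hidden',              // legal file name that merely starts with dots
  ];
  return samples.map((name) => [name, resolveInside(UPLOAD_ROOT, name)]);
}

console.log(demo());
```

The check is lexical: if the upload directory can contain symbolic links, also compare the `fs.realpath` results of the root and the candidate before opening the file.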