Python Starlette Path Traversal
Description
This detector identifies path traversal vulnerabilities in Python applications using the Starlette web framework. It specifically targets FileResponse calls where user-controlled input is passed to the 'path' parameter, which could allow attackers to access files outside the intended directory structure.
Detection Strategy
• The application imports the Starlette web framework (import starlette)
• Code uses starlette.responses.FileResponse to serve files, whether referenced through the module path or imported directly (from starlette.responses import FileResponse)
• The 'path' parameter of FileResponse contains user-controlled input from Starlette request objects
• User input flows directly to the file path without proper validation or sanitization
Vulnerable code example
from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import FileResponse
from starlette.routing import Route

async def unsafe_file_handler(request: Request):
    # VULNERABLE: User input from query parameter flows directly to FileResponse
    # (the query-parameter name "file" is assumed; the original snippet is truncated here)
    filename = request.query_params.get("file", "")
    return FileResponse(path=filename)

app = Starlette(routes=[Route("/download", unsafe_file_handler)])
✅ Secure code example
from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import FileResponse, PlainTextResponse
from starlette.routing import Route
from werkzeug.utils import secure_filename
import os

# Base directory is assumed; the original snippet is truncated here
SAFE_DIR = os.path.realpath("static")

async def safe_file_handler(request: Request):
    # SECURE: secure_filename drops path separators and "..", then the joined
    # path is resolved and required to stay directly under SAFE_DIR
    filename = secure_filename(request.query_params.get("file", ""))
    full_path = os.path.realpath(os.path.join(SAFE_DIR, filename))
    if not filename or os.path.dirname(full_path) != SAFE_DIR:
        return PlainTextResponse("Not found", status_code=404)
    return FileResponse(path=full_path)

app = Starlette(routes=[Route("/download", safe_file_handler)])
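The check that makes the secure example safe is the containment test, not the call to FileResponse itself. The function below is an added, standalone example (not Fluid Attacks' detector code and not part of the page's snippets) that isolates that test using only the Python standard library, so it runs without Starlette or werkzeug installed. It goes a little beyond the secure example above: it rejects absolute inputs (which os.path.join would otherwise accept wholesale), follows symlinks before comparing, and uses os.path.commonpath so a sibling directory with a shared name prefix is not mistaken for a child. The names resolve_under and demo, and the temporary directory layout, are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_under(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path of `requested` inside `base_dir`, or None if it escapes.

    This is the check a Starlette handler should run before FileResponse(path=...):
    the user-supplied value is joined to the allowed directory, fully resolved
    (realpath follows symlinks and collapses ".."), and then required to remain
    inside the resolved base directory.
    """
    # Empty, absolute, or NUL-containing input is never a valid relative file name.
    if not requested or os.path.isabs(requested) or "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole path components, so "/srv/static-old" is not
    # treated as a child of "/srv/static" (a plain string-prefix check would be).
    if os.path.commonpath([base, candidate]) != base:
        return None
    # Only serve regular files that actually exist under the base directory.
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> dict:
    """Exercise resolve_under against constructed inputs in a throwaway tree.

    Returns a mapping from input label to whether the input was accepted.
    """
    root = tempfile.mkdtemp()
    static = Path(root, "static")
    static.mkdir()
    (static / "report.pdf").write_bytes(b"%PDF-constructed")          # served file
    Path(root, "secret.txt").write_text("constructed secret")          # outside static/
    # A symlink inside the served directory that points outside of it.
    os.symlink(str(Path(root, "secret.txt")), str(static / "link"))
    inputs = {
        "normal": "report.pdf",
        "dotdot": "../secret.txt",
        "absolute": str(Path(root, "secret.txt")),
        "symlink_escape": "link",
        "missing": "nope.pdf",
        "empty": "",
    }
    return {name: resolve_under(str(static), value) is not None
            for name, value in inputs.items()}


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:15s} -> {'served' if accepted else 'rejected'}")
```

Because realpath is applied to both sides before the comparison, the symlink case is handled the same way as a literal "..": the link resolves to a location outside the base directory and is refused. Returning None for a missing file also lets the handler answer 404 uniformly, so the response does not reveal whether a rejected path existed.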