Javascript Zip Slip Path Traversal

Description

Detects ZIP Slip path traversal vulnerabilities in JavaScript applications that could allow attackers to write files outside intended directories during archive extraction. This vulnerability occurs when applications don't properly validate file paths when extracting zip archives, potentially allowing malicious archives to overwrite system files.

Weakness:

063 - Lack of data validation - Path Traversal

Category: Unexpected Injection

Detection Strategy

    Identifies calls to Node.js 'createWriteStream' function that handle file paths

    Checks if the file path parameter passed to createWriteStream comes from an untrusted source (like user input or zip file entries)

    Verifies if the code lacks proper path validation or normalization before writing files

    Reports a vulnerability when file paths from archive entries can influence file write locations without proper validation

Vulnerable code example

const AdmZip = require('adm-zip');
const fs = require('fs');

function extractZip(zipFile) {
    const zip = new AdmZip(zipFile);
    const entries = zip.getEntries();
    entries.forEach(entry => {
        fs.createWriteStream(entry.entryName); // Vulnerable: No path validation allows zip slip attacks...
    });
}

✅ Secure code example

const AdmZip = require('adm-zip');
const fs = require('fs');
const path = require('path');

function extractZip(zipFile, destinationDir) {
    const zip = new AdmZip(zipFile);
    const entries = zip.getEntries();
    ...
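
The path check that the detection strategy looks for, written out in full as an added example (not the page's own code). It takes objects shaped like adm-zip entries (`entryName`, `isDirectory`, `getData()`) and writes with `writeFileSync` rather than `createWriteStream`; the names `resolveInside`, `extractEntries` and `demo` and the sample entries are assumptions constructed here.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Resolve an entry name under destDir; throw unless it names something below it.
// The check is lexical: it does not follow symlinks already present in destDir.
function resolveInside(destDir, entryName) {
    const root = path.resolve(destDir);
    // Treat '\' as a separator too, so the result is the same on POSIX and Windows.
    const target = path.resolve(root, entryName.replace(/\\/g, '/'));
    const rel = path.relative(root, target);
    const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
    if (rel === '' || escapes) {
        throw new Error(`Blocked archive entry: ${entryName}`);
    }
    return target;
}

// entries: objects shaped like adm-zip entries (entryName, isDirectory, getData()).
// Every name is validated before anything is written, so a bad archive is rejected whole.
function extractEntries(entries, destDir) {
    const plan = entries.map(entry => ({ entry, target: resolveInside(destDir, entry.entryName) }));
    const written = [];
    for (const { entry, target } of plan) {
        if (entry.isDirectory) {
            fs.mkdirSync(target, { recursive: true });
            continue;
        }
        fs.mkdirSync(path.dirname(target), { recursive: true });
        fs.writeFileSync(target, entry.getData());
        written.push(target);
    }
    return written;
}

// Constructed sample entries (not read from a real archive), extracted into a temp dir.
function demo() {
    const file = (entryName, text) => ({ entryName, isDirectory: false, getData: () => Buffer.from(text) });
    const dest = fs.mkdtempSync(path.join(os.tmpdir(), 'zipslip-'));
    const written = extractEntries([file('docs/readme.txt', 'hello')], dest);
    let blocked = null;
    try {
        extractEntries([file('ok.txt', 'x'), file('../../outside.txt', 'x')], dest);
    } catch (err) {
        blocked = err.message;
    }
    return { dest, written, blocked };
}
```

Because validation runs over the whole entry list first, the second call in `demo` writes nothing, including the harmless `ok.txt` that precedes the rejected name.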