TypeScript Path Traversal Vulnerability
Description
Detects insecure path traversal vulnerabilities where user-controlled input could be used to access files outside of the intended directory structure. This vulnerability allows attackers to read or manipulate unauthorized files through directory traversal sequences like '../' in file paths.
Detection Strategy
• Check for file operations that accept dynamic or user-controlled file paths as input
• Look for string operations or concatenations involving file paths without proper sanitization
• Identify file access operations where path parameters could contain directory traversal sequences
• Verify if there are any security controls validating or sanitizing the file path input
• Flag cases where file paths are directly used without canonicalization or path validation
Vulnerable code example
const fs = require('fs');
function readUserFile(userInput) {
  const filePath = __dirname + userInput; // Vulnerable: Direct path concatenation with user input
  return fs.readFileSync(filePath);
}
✅ Secure code example
const fs = require('fs');
const path = require('path');
function readUserFile(userInput) {
  // Resolve full path and normalize it to prevent path traversal
  const fullPath = path.resolve(__dirname, userInput);
  // Only allow access to files within a specific directory: the resolved
  // path must start with the base directory followed by a separator, which
  // also rejects absolute user input (path.resolve discards the base for it)
  const baseDir = path.resolve(__dirname);
  if (!fullPath.startsWith(baseDir + path.sep)) {
    throw new Error('Access denied');
  }
  return fs.readFileSync(fullPath);
}