Java Path Traversal From Cookie
Description
Detects path traversal vulnerabilities in Java applications where file or directory paths are built from cookie values without proper sanitization. Because the client controls every cookie it sends, an attacker can place traversal sequences such as "../" in the cookie value and make the application read or write files outside the intended directory.
Detection Strategy
• Identifies method invocations and object creations that take a file or directory path (for example, java.io.File and java.nio.file.Path constructors and factory methods)
• Checks whether the path argument originates from cookie input (e.g., a value read through HttpServletRequest.getCookies())
• Checks whether that cookie value reaches the file operation without validation or sanitization (normalization plus a containment check against an allowed base directory)
• Reports a vulnerability when cookie data flows into a file operation without such path validation
Vulnerable code example
The cookie value is concatenated into a filesystem path and opened as-is; a value such as "../../etc/passwd" escapes the intended /data directory.
import java.io.File;
import java.io.FileInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
public class PathTraversalExample {
    public void processFile(HttpServletRequest request) throws Exception {
        String userInput = "default.txt";
        for (Cookie c : request.getCookies()) {          // every cookie value is attacker-controlled
            if ("file".equals(c.getName())) userInput = c.getValue();
        }
        File target = new File("/data", userInput);      // no normalization or containment check
        try (FileInputStream in = new FileInputStream(target)) { /* read and return contents */ }
    }
}
✅ Secure code example
The cookie value is resolved against a fixed base directory, normalized so that "../" segments are collapsed, and then checked to still lie inside that base before any file is opened.
import java.io.FileInputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
public class PathTraversalExample {
    private static final Path BASE_DIRECTORY = Paths.get("/data").normalize().toAbsolutePath();
    public void processFile(HttpServletRequest request) throws Exception {
        String userInput = "default.txt";
        for (Cookie c : request.getCookies()) if ("file".equals(c.getName())) userInput = c.getValue();
        Path target = BASE_DIRECTORY.resolve(userInput).normalize();   // collapse "../" before checking
        if (!target.startsWith(BASE_DIRECTORY)) throw new SecurityException("path escapes " + BASE_DIRECTORY);
        try (FileInputStream in = new FileInputStream(target.toFile())) { /* read and return contents */ }
    }
}