Dart Unsafe Input Path Traversal
Description
Detects unsafe file path handling in Dart applications that could enable directory traversal attacks. This vulnerability occurs when applications use LocalFileSystem or ChrootFileSystem without properly sanitizing file paths, potentially allowing attackers to access files outside the intended directory structure.
Detection Strategy
• Check if code imports 'package:file/local.dart' or 'package:file/chroot.dart' packages
• Look for method invocations on a LocalFileSystem instance, in particular file operations obtained through a call ending in '.file(...)'
• Identify ChrootFileSystem instantiations with unsafe configuration
• Verify if file operation arguments contain user-controlled or unsanitized input
• Flag instances where file paths could be manipulated for directory traversal
Vulnerable code example
import 'package:shelf/shelf.dart';
import 'package:file/local.dart';

Future<Response> handleFileAccess(Request req) async {
  // VULNERABLE: Direct use of user input in file path without sanitization
  final userPath = req.url.queryParameters['fileName'];
  final fs = LocalFileSystem();
  ...

✅ Secure code example
import 'package:shelf/shelf.dart';
import 'package:file/local.dart';
import 'package:path/path.dart' as path;

Future<Response> handleFileAccess(Request req) async {
  final userPath = req.url.queryParameters['fileName'];
  // Validate and sanitize user input...
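The page's secure snippet stops before the validation step, so the following is an added, complete example written for this page; it is not Fluid Attacks' code and not part of the rule. It assumes a served directory `publicRoot` of `/srv/app/public`, injects the `FileSystem` into the handler so it can be tested without touching disk, and uses the helper names `resolveInsideRoot` and `buildHandler`, all of which are choices made here rather than anything the page specifies. The lexical check (normalize, then `isWithin`) is what prevents `../` escapes; the `resolveSymbolicLinks` check afterwards covers links inside the root that point outside it, which a purely lexical check cannot see.

```dart
import 'package:file/file.dart';
import 'package:file/local.dart';
import 'package:path/path.dart' as p;
import 'package:shelf/shelf.dart';

/// Directory the handler is allowed to serve from.
/// Assumption for this example: the application's public asset folder.
const String publicRoot = '/srv/app/public';

/// Lexically resolves [userPath] against [root] and returns the absolute
/// path only if it stays inside [root]. Returns null for empty input,
/// absolute paths, NUL bytes, or a normalised path that escapes the root.
/// POSIX path semantics are used so the result does not depend on the host.
String? resolveInsideRoot(String root, String? userPath) {
  if (userPath == null || userPath.isEmpty) return null;
  if (userPath.contains('\u0000')) return null;
  if (p.posix.isAbsolute(userPath)) return null;
  final candidate = p.posix.normalize(p.posix.join(root, userPath));
  // isWithin is strict: the root directory itself is not "within" the root,
  // so a request for "." is rejected along with "../.." style escapes.
  if (!p.posix.isWithin(root, candidate)) return null;
  return candidate;
}

/// Hardened handler. [fs] is injected so the same code runs against a
/// LocalFileSystem in production or an in-memory file system in tests.
Future<Response> handleFileAccess(Request req, FileSystem fs) async {
  final resolved =
      resolveInsideRoot(publicRoot, req.url.queryParameters['fileName']);
  if (resolved == null) {
    return Response.forbidden('invalid file name');
  }
  final file = fs.file(resolved);
  if (!await file.exists()) {
    return Response.notFound('not found');
  }
  // Second check after following symlinks: a link inside publicRoot that
  // points outside it passes the lexical check above but fails here.
  final real = await file.resolveSymbolicLinks();
  final realRoot = await fs.directory(publicRoot).resolveSymbolicLinks();
  if (!p.posix.isWithin(realRoot, real)) {
    return Response.forbidden('invalid file name');
  }
  return Response.ok(await file.readAsString());
}

/// Production wiring: bind the handler to the real file system.
Handler buildHandler([FileSystem fs = const LocalFileSystem()]) =>
    (Request req) => handleFileAccess(req, fs);

/// Exercises the lexical check on constructed inputs (no disk access).
void main() {
  const cases = <String?, String?>{
    'hello.txt': '/srv/app/public/hello.txt',
    'sub/../hello.txt': '/srv/app/public/hello.txt',
    '../../etc/passwd': null,
    'a/../../../etc/passwd': null,
    '/etc/passwd': null,
    '.': null,
    '': null,
    null: null,
  };
  for (final entry in cases.entries) {
    final got = resolveInsideRoot(publicRoot, entry.key);
    if (got != entry.value) {
      throw StateError('unexpected result for ${entry.key}: $got');
    }
    print('${entry.key} -> ${got ?? "rejected"}');
  }
}
```

Because `req.url.queryParameters` percent-decodes once, an encoded `%2e%2e/` arrives at `resolveInsideRoot` already as `../` and is caught by the same normalize-and-`isWithin` check. Wrapping the delegate in `ChrootFileSystem(const LocalFileSystem(), publicRoot)` from `package:file/chroot.dart` is a reasonable extra layer on top of this check, but a chroot rooted at `/` or at a directory far wider than what the handler should serve is the "unsafe configuration" the detection strategy refers to and adds no protection.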