Javascript Path Traversal Vulnerability Express
Description
Detects path traversal vulnerabilities in Express.js applications where user-controlled input could be used to access files outside the intended directory structure. This can lead to unauthorized access to sensitive files on the server filesystem when path parameters are not properly sanitized.
Detection Strategy
• Identifies Express.js route handlers and file operation functions that process path parameters
• Checks if path parameters from user input (like req.params, req.query) flow into file operations without proper sanitization
• Reports a vulnerability if path parameters could contain '../' sequences or other directory traversal patterns without validation
• Examines file access operations like fs.readFile, fs.createReadStream where paths are constructed from user input
Vulnerable code example
const express = require('express');
const fs = require('fs');
const app = express();

app.post('/upload', (req, res) => {
  const fileName = req.query.name; // User-controlled input
  // VULN: Path traversal - concatenating user input into file path
  fs.readFile(__dirname + '/uploads/' + fileName, (err, data) => {
    if (err) return res.status(500).send('Read failed');
    res.send(data);
  });
});

app.listen(3000);
✅ Secure code example
const express = require('express');
const path = require('path');
const fs = require('fs');
const app = express();

app.post('/upload', (req, res) => {
  const fileName = req.query.name;
  // Prevent path traversal by using path.basename to strip directory components
  const safeName = path.basename(fileName);
  fs.readFile(path.join(__dirname, 'uploads', safeName), (err, data) => {
    if (err) return res.status(404).send('Not found');
    res.send(data);
  });
});

app.listen(3000);