Python Django Path Traversal
Description
This detector identifies Django path traversal vulnerabilities where user-controllable input is passed to Django file response functions without proper validation. Path traversal attacks allow attackers to access files outside the intended directory by using sequences like "../" to navigate the file system, potentially exposing sensitive application files, configuration data, or system files.
Detection Strategy
• The detector only activates when the Django framework is imported in the analyzed code
• It identifies calls to Django file response functions (like FileResponse, HttpResponse with file operations, or similar file-serving methods)
• A vulnerability is reported when these file response functions receive arguments that contain user input from Django request objects (such as request parameters, form data, or URL path components)
• The user input must flow directly into file path arguments without sufficient validation or sanitization to prevent directory traversal sequences
Vulnerable code example

    from django.http import FileResponse

    def unsafe_file_download(request):
        # VULNERABLE: user input flows directly into the file path without validation
        filepath = request.GET.get("file")
        # Path traversal possible: "../settings.py" or an absolute path is opened as-is
        # (FileResponse expects an open file object, so the path is opened first)
        return FileResponse(open(filepath, "rb"))

Secure code example
    from django.http import FileResponse, Http404
    from werkzeug.utils import secure_filename
    import os

    DOWNLOAD_ROOT = "/srv/app/downloads"  # assumed: the only directory files are served from

    def safe_file_download(request):
        # SAFE: sanitize user input to prevent path traversal
        filepath = request.GET.get("file")
        if not filepath:
            raise Http404("no file requested")
        # secure_filename() strips separators and ".." leaving a bare file name (body reconstructed from the imports above)
        full_path = os.path.join(DOWNLOAD_ROOT, secure_filename(filepath))
        return FileResponse(open(full_path, "rb"))
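secure_filename() flattens the request into a single bare file name, so it cannot serve files from subdirectories of the download root. The following added example (not code from the page or from Fluid Attacks) shows the containment check a practitioner typically wants instead: resolve the requested path against a fixed base directory and refuse anything whose real location falls outside it. DOWNLOAD_ROOT, resolve_within() and the sample requests are assumptions constructed for the example; the Django view at the bottom is assumed wiring and imports Django lazily so the module runs without it.

```python
import os
from pathlib import Path, PurePosixPath
from typing import Optional

# Assumed for this example: the only directory the view may serve files from.
DOWNLOAD_ROOT = "/srv/app/downloads"


def resolve_within(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path for `requested` if it stays inside `base_dir`, else None.

    The check is done on the resolved path, so "..", redundant separators and
    symlinks are all collapsed before the containment test.
    """
    # Reject empty input and NUL bytes before touching the filesystem.
    if not requested or "\x00" in requested:
        return None
    # Absolute paths are never acceptable as a user-supplied relative name.
    if PurePosixPath(requested).is_absolute() or requested.startswith(("/", "\\")):
        return None
    base = Path(base_dir).resolve()
    # strict=False: the target need not exist yet; ".." is still collapsed.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when candidate escapes base
    except ValueError:
        return None
    if candidate == base:  # "." or "a/.." resolve to the root itself, not a file
        return None
    return str(candidate)


def classify(requests):
    """Map each constructed request string to 'allowed' or 'rejected'."""
    return {r: ("allowed" if resolve_within(DOWNLOAD_ROOT, r) else "rejected") for r in requests}


def safe_file_download(request):
    """Assumed Django view: serves only files located under DOWNLOAD_ROOT."""
    from django.http import FileResponse, Http404  # lazy import: module loads without Django

    path = resolve_within(DOWNLOAD_ROOT, request.GET.get("file", ""))
    if path is None or not os.path.isfile(path):
        raise Http404("no such file")
    return FileResponse(open(path, "rb"))


if __name__ == "__main__":
    # Constructed sample inputs, including classic traversal attempts.
    samples = ["reports/q1.pdf", "../etc/passwd", "/etc/passwd", "a/../../x", "a/../b.txt", "."]
    for req, verdict in classify(samples).items():
        print(f"{req!r:20} -> {verdict}")
```

Because the decision is made on the resolved path, the same function also rejects a symlink inside DOWNLOAD_ROOT that points outside it, which a purely lexical check on the string would miss.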