Securing File Paths: Preventing Directory Traversal Attacks

Improper handling of file paths can lead to security vulnerabilities known as directory traversal attacks. These vulnerabilities allow an attacker to access arbitrary files on the server.

What is a Directory Traversal Attack?

A directory tr…


This content originally appeared on DEV Community and was authored by Golam_Mostafa

Improper handling of file paths can lead to security vulnerabilities known as directory traversal attacks. These vulnerabilities allow an attacker to access arbitrary files on the server.

What is a Directory Traversal Attack?

A directory traversal attack occurs when an attacker manipulates file paths to access files outside the intended directory. For instance, if an application uses a user-provided file path without validation, an attacker could use a path like ../../etc/passwd to access sensitive files on the server.

Example of a Directory Traversal Attack:

  1. Vulnerable Code:
const filePath = `public/uploads/${req.params.fileName}`;

Imagine you have a file download function that allows users to download files by providing an id. The application might construct the file path directly from the user input.

  1. Malicious Input:
/public/uploads/../../secret.txt

Here an attacker could provide a malicious input like ../../secret.txt, leading to an unintended file access.

  1. Consequences:

If the application does not validate this input, it could expose sensitive files, such as configuration files or user data, to the attacker.

Example of preventing such kind of attacks

import path from 'path';
import fs from 'fs/promises';
import { RequestHandler, NextFunction } from 'express';

// Point: 1
const BASE_DIRECTORY = path.resolve(__dirname, 'public/uploads');

export const downloadAttachment: RequestHandler = async (req, res, next: NextFunction) => {
    // Point: 2
    const { fileName } = req.params; 

    // Point: 3
    const filePath = path.join(BASE_DIRECTORY, fileName);
    const resolvedPath = path.resolve(filePath);

    // Point: 4
    if (!resolvedPath.startsWith(BASE_DIRECTORY)) {
        return res.status(400).json({ message: "Invalid file path" });
    }

    try {
        // Point: 5
        await fs.access(resolvedPath);

        // Point: 6
        res.download(resolvedPath, path.basename(fileName), (err) => {
            if (err) {
                return next(err);
            }
        });
    } catch {
        // Point: 7
        return res.status(404).json({ message: "File not found" });
    }
};

Key Points Explained:

  1. Base Directory Definition: Establishes a fixed directory for file uploads to restrict access.

  2. Extracting File Name: Retrieves the requested file name from the URL parameters.

  3. File Path Construction: Combines the base directory with the requested file name to create a full path.

  4. Path Validation: Ensures that the resolved file path is within the designated base directory to prevent unauthorized access.

  5. File Existence Check: Asynchronously checks if the file exists at the constructed path.

  6. File Download Handling: Initiates the file download and handles any errors that may occur during the process.

  7. Error Handling for Missing Files: Sends a 404 response if the requested file does not exist.

Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.


This content originally appeared on DEV Community and was authored by Golam_Mostafa


Print Share Comment Cite Upload Translate Updates
APA

Golam_Mostafa | Sciencx (2024-10-21T14:15:13+00:00) Securing File Paths: Preventing Directory Traversal Attacks. Retrieved from https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/

MLA
" » Securing File Paths: Preventing Directory Traversal Attacks." Golam_Mostafa | Sciencx - Monday October 21, 2024, https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/
HARVARD
Golam_Mostafa | Sciencx Monday October 21, 2024 » Securing File Paths: Preventing Directory Traversal Attacks., viewed ,<https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/>
VANCOUVER
Golam_Mostafa | Sciencx - » Securing File Paths: Preventing Directory Traversal Attacks. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/
CHICAGO
" » Securing File Paths: Preventing Directory Traversal Attacks." Golam_Mostafa | Sciencx - Accessed . https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/
IEEE
" » Securing File Paths: Preventing Directory Traversal Attacks." Golam_Mostafa | Sciencx [Online]. Available: https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/. [Accessed: ]
rf:citation
» Securing File Paths: Preventing Directory Traversal Attacks | Golam_Mostafa | Sciencx | https://www.scien.cx/2024/10/21/securing-file-paths-preventing-directory-traversal-attacks/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.