-
Notifications
You must be signed in to change notification settings - Fork 734
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Site updated at Thu Jan 25 05:10:36 PM PST 2024
- Loading branch information
1 parent
029a9e5
commit ef9c11c
Showing
3 changed files
with
196 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,194 @@ | ||
|
|
||
| <!DOCTYPE html> | ||
| <!--[if IEMobile 7 ]><html class="no-js iem7"><![endif]--> | ||
| <!--[if lt IE 9]><html class="no-js lte-ie8"><![endif]--> | ||
| <!--[if (gt IE 8)|(gt IEMobile 7)|!(IEMobile)|!(IE)]><!--><html class="no-js" lang="en"><!--<![endif]--> | ||
| <head> | ||
| <meta charset="utf-8"> | ||
| <title>Brakeman: Path Traversal</title> | ||
| <meta name="description" content="Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications."/> | ||
|
|
||
| <!-- http://t.co/dKP3o1e --> | ||
| <meta name="HandheldFriendly" content="True"> | ||
| <meta name="MobileOptimized" content="320"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1"> | ||
|
|
||
| <meta name="keywords" content="brakeman,ruby on rails,security,scanner,vulnerabilities,static analysis"/> | ||
|
|
||
| <link rel="canonical" href="https://brakemanscanner.org/docs/warning_types/path_traversal/"/> | ||
| <link href="/favicon.png" rel="shortcut icon" /> | ||
| <link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet" type="text/css"> | ||
| <script src="/javascripts/modernizr-2.0.js"></script> | ||
| <script src="/javascripts/octopress.js" type="text/javascript"></script> | ||
| <link href="feed.xml" rel="alternate" title="Brakeman" type="application/atom+xml"/> | ||
|
|
||
|
|
||
|
|
||
|
|
||
| <!--Fonts from Google's Web font directory at http://google.com/webfonts --> | ||
| <link href='https://fonts.googleapis.com/css?family=PT+Serif:regular,italic,bold,bolditalic' rel='stylesheet' type='text/css'> | ||
| <link href='https://fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic' rel='stylesheet' type='text/css'> | ||
| <script language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js" type="text/javascript"></script> | ||
| <script src="/javascripts/jquery.github_badge.js"></script> | ||
| <meta property="twitter:account_id" content="23978537" /> | ||
|
|
||
| <meta name="twitter:card" content="summary" /> | ||
| <meta name="twitter:site" content="@brakeman" /> | ||
| <meta name="twitter:title" content="Brakeman - Path Traversal" /> | ||
| <meta name="twitter:description" content="Brakeman Static Analysis Security Scanner for Ruby on Rails" /> | ||
| <meta name="twitter:image" content="https://brakemanscanner.org/images/brakeman_logo_dark.png" /> | ||
|
|
||
| </head> | ||
|
|
||
| <body > | ||
| <header><hgroup> | ||
| <h1><a href="/">Brakeman</a></h1> | ||
|
|
||
| <h2>Ruby on Rails Static Analysis Security Tool</h2> | ||
|
|
||
| </hgroup> | ||
|
|
||
| </header> | ||
| <nav role=navigation><ul role=subscription data-subscription="rss"> | ||
| <li><a href="feed.xml" rel="subscribe-rss" title="subscribe via RSS">RSS</a></li> | ||
|
|
||
| </ul> | ||
| <form action="" method="get"> | ||
| <fieldset role="site-search"> | ||
| <input type="hidden" name="q" value="site:https://brakemanscanner.org" /> | ||
| <input class="search" type="text" name="q" results="0" placeholder="Search"/> | ||
| </fieldset> | ||
| </form> | ||
| <ul role=main-navigation> | ||
| <li><a href="/">Home</a></li> | ||
| <li><a href="/docs">Documentation</a></li> | ||
| <li><a href="https://github.com/presidentbeef/brakeman">Source</a></li> | ||
| <li><a href="/docs/contributing">Contributing</a></li> | ||
| <li><a href="/brakeman_users">Users</a></li> | ||
| <li><a href="/contact">Contact</a></li> | ||
| </ul> | ||
|
|
||
| </nav> | ||
| <div id="main"> | ||
| <div id="content"> | ||
| <div> | ||
| <article> | ||
|
|
||
| <header> | ||
| <h1 class="entry-title">Path Traversal</h1> | ||
| </header> | ||
|
|
||
| <p>Path traversal vulnerabilities allow an attacker to access or manipulate files outside the intended | ||
| directory by providing specially crafted paths as input to read or write sensitive data. This can occur when | ||
| improperly handling user-supplied input in filesystem-related operations such as image uploads, dynamic content loading, and user file downloads.</p> | ||
|
|
||
| <p>An attacker could exploit a path traversal vulnerability to:</p> | ||
|
|
||
| <ul> | ||
| <li>Read sensitive files, including configuration files or other data containing credentials or encryption keys.</li> | ||
| <li>Write files into restricted directories that enables code injection or privilege escalation.</li> | ||
| <li>Download or delete critical system files.</li> | ||
| <li>Gain access to user data and perform unauthorized actions.</li> | ||
| </ul> | ||
|
|
||
| <h2 id="example">Example</h2> | ||
|
|
||
| <div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># `params[:file][:path]` could contain "../../../../../etc/passwd", e.g.</span> | ||
|
|
||
| <span class="n">send_file</span> <span class="no">File</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="s1">'some'</span><span class="p">,</span> <span class="s1">'path'</span><span class="p">,</span> <span class="n">params</span><span class="p">[</span><span class="ss">:file</span><span class="p">][</span><span class="ss">:path</span><span class="p">])</span> | ||
| </code></pre></div></div> | ||
|
|
||
| <h2 id="pathname-confusion">Pathname Confusion</h2> | ||
|
|
||
| <p><code class="language-plaintext highlighter-rouge">Pathname#join</code> has some confusing behavior: <em>any</em> absolute path segment (e.g. starting with <code class="language-plaintext highlighter-rouge">/</code>) causes the path to be absolute from that point.</p> | ||
|
|
||
| <p>Example:</p> | ||
|
|
||
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>> Pathname.new('a').join("a", "b", "/c", "d") | ||
| => #<Pathname:/c/d> | ||
| </code></pre></div></div> | ||
|
|
||
| <p>Note that <code class="language-plaintext highlighter-rouge">Rails.root</code> is a <code class="language-plaintext highlighter-rouge">Pathname</code>.</p> | ||
|
|
||
| <p>Exercise extreme caution when passing user-provided input to this function.</p> | ||
|
|
||
| <hr /> | ||
| <p>Back to <a href="/docs/warning_types">Warning Types</a></p> | ||
|
|
||
|
|
||
| <footer> | ||
| <p class="meta"> | ||
|
|
||
|
|
||
| </p> | ||
| </footer> | ||
|
|
||
| </article> | ||
|
|
||
| </div> | ||
|
|
||
| <aside role=sidebar> | ||
| <section> | ||
| <p></p> | ||
| <p>Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.</p> | ||
| <p><a href="/docs/quickstart">Get started!</a></p> | ||
| </section> | ||
|
|
||
| <section> | ||
| <script type='text/javascript'> | ||
| $(document).ready(function(){ | ||
| $("#github").GitHubBadge({ | ||
| login: "presidentbeef", | ||
| kind: "project", | ||
| repo_name: "brakeman", | ||
| include_github_logo: false, | ||
| image_path: "", | ||
| commit_count: "1", | ||
| issue_count: "0", | ||
| repo_count: "0" | ||
| }); | ||
| }); | ||
| </script> | ||
| <div id="github"></div> | ||
| <a href="https://dl.circleci.com/status-badge/redirect/gh/presidentbeef/brakeman/tree/main"><img src="https://dl.circleci.com/status-badge/img/gh/presidentbeef/brakeman/tree/main.svg?style=svg" /></a> | ||
| </section> | ||
|
|
||
| <section> | ||
| <h1>Recent Posts</h1> | ||
| <ul id="recent_posts"> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/12/04/brakeman-6-dot-1-dot-0-released">Brakeman 6.1.0 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/07/20/brakeman-6-dot-0-dot-1-released">Brakeman 6.0.1 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/05/24/brakeman-6-dot-0-released">Brakeman 6.0.0 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/02/21/brakeman-5-dot-4-dot-1-released">Brakeman 5.4.1 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2022/11/17/brakeman-5-dot-4-dot-0-released">Brakeman 5.4.0 Released</a> | ||
| </li> | ||
|
|
||
| </ul> | ||
| </section> | ||
|
|
||
| </aside> | ||
|
|
||
|
|
||
| </div> | ||
| </div> | ||
| <footer><p> | ||
| <span class="credit">Powered by <a href="http://octopress.org">Octopress</a> | <a href="/content_license">Content license</a></span> | ||
| </p> | ||
|
|
||
| </footer> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters