
Metadata

ID: csharp-security/path-traversal

Language: C#

Severity: Error

Category: Security

CWE: 22

Description

No description found

Non-Compliant Code Examples

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System.IO;
using System.Web;
using System.Text;

namespace Controllers
{
    /// <summary>
    /// Non-compliant example for csharp-security/path-traversal (CWE-22): a value taken
    /// from a request cookie is used, without any validation, as a path segment that is
    /// then opened with <see cref="FileStream"/>.
    /// </summary>
    public class VulnerableController : Controller
    {
        // Base directory the controller intends to serve from. Nothing below checks
        // that the path finally opened actually lies underneath it.
        private readonly string _rootPath;

        /// <summary>Creates the controller with the directory files are meant to be served from.</summary>
        /// <param name="rootPath">Intended base directory; stored as-is, not validated here.</param>
        public VulnerableController(string rootPath)
        {
            _rootPath = rootPath;
        }

        /// <summary>
        /// Opens the file named by the "TestCookie" cookie. Cookies are client-controlled,
        /// so the segment handed to <see cref="Path.Combine(string, string, string)"/> is untrusted input.
        /// </summary>
        /// <returns>200 OK whether or not the file could be opened.</returns>
        [HttpPost("/path-test")]
        public IActionResult Post()
        {
            // Get parameter from cookies. The cookie value is attacker-controlled and is
            // URL-decoded here, so percent-encoded separators and dots are reconstituted
            // before the value is used.
            string param = "defaultValue";
            if (Request.Cookies != null)
            {
                foreach (var cookie in Request.Cookies)
                {
                    if (cookie.Key.Equals("TestCookie"))
                    {
                        param = HttpUtility.UrlDecode(cookie.Value, Encoding.UTF8);
                        break;
                    }
                }
            }

            // Vulnerable: User input directly in Path.Combine.
            // Path.Combine only joins segments: it does not normalise ".." components, and
            // when the last argument is already rooted it returns that argument and drops
            // the earlier ones. The resulting path is therefore not confined to
            // _rootPath/files; it should be resolved (Path.GetFullPath) and checked to
            // still start with the intended base directory before being opened.
            string fileName = Path.Combine(_rootPath, "files", param);
            
            // Use the unsafe value
            FileStream fs = null;
            try
            {
                fs = new FileStream(fileName, FileMode.Open);
                // Read file...
            }
            catch (Exception e)
            {
                // Handle error...
                // 'e' is unused: every failure (missing file, access denied, invalid
                // path) is swallowed and the client still receives 200 below.
            }
            finally
            {
                fs?.Close();
            }

            return Ok();
        }
    }
}

Compliant Code Examples

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System.IO;
using System.Web;
using System.Text;

namespace Controllers
{
    /// <summary>
    /// Compliant example for csharp-security/path-traversal (CWE-22). The cookie value is
    /// still read, but the name that reaches <see cref="FileStream"/> is a string literal:
    /// the ternary below is decided by a condition that is true at compile time, so the
    /// untrusted value never flows into the path.
    /// </summary>
    public class SafeController : Controller
    {
        /// <summary>Opens a fixed file under <see cref="Constants.FILES_DIR"/>.</summary>
        /// <returns>200 OK whether or not the file could be opened.</returns>
        [HttpPost("/path-test")]
        public IActionResult Post()
        {
            // Get parameter from cookies. Client-controlled and URL-decoded, but in this
            // example it ends up in a dead branch and is never used to build the path.
            string param = "defaultValue";
            if (Request.Cookies != null)
            {
                foreach (var cookie in Request.Cookies)
                {
                    if (cookie.Key.Equals("TestCookie"))
                    {
                        param = HttpUtility.UrlDecode(cookie.Value, Encoding.UTF8);
                        break;
                    }
                }
            }

            // Safe: Uses ternary that always evaluates to a constant.
            // (7 * 18) + 106 == 232, and 232 > 200 is always true, so filePath is always
            // "safe_constant_filename" and the 'param' branch is unreachable. This shape
            // exists to exercise the analyser's constant folding; it is not a recommended
            // way to express "use a fixed file name".
            string filePath = (7 * 18) + 106 > 200 ? "safe_constant_filename" : param;

            // Use the safe value
            FileStream fs = null;
            try
            {
                // Plain concatenation of a relative prefix ("files/") and the literal.
                // NOTE(review): a relative path is resolved against the process working
                // directory rather than the application's content root — confirm intended.
                string fullPath = Constants.FILES_DIR + filePath;
                fs = new FileStream(fullPath, FileMode.Open);
                // Read file...
            }
            catch (Exception e)
            {
                // Handle error...
                // 'e' is unused: failures are swallowed and the client still receives 200.
            }
            finally
            {
                fs?.Close();
            }

            return Ok();
        }
    }

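    /// <summary>Filesystem locations shared by the controllers in this namespace.</summary>
    public static class Constants
    {
        /// <summary>
        /// Directory prefix that <see cref="SafeController"/> concatenates in front of the
        /// file name. Relative path, trailing separator included. Marked readonly so the
        /// base directory cannot be reassigned at runtime through this public field; the
        /// original was a mutable public static, which let any caller redirect every
        /// subsequent file open.
        /// </summary>
        public static readonly string FILES_DIR = "files/";
    }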
}