[TEST] frogbot test #190
base: master
Conversation
…er into frogbot-test-1
935b6f7 to 58c0e4e
❌ Build failed in 44s
Build command: mvn clean verify -B -e -Daudit -Djs.no.sandbox
❗ No tests found!
Errors: (filtered log)
ℹ️ This is an automatic message
@@ -163,6 +166,7 @@ private String getFileContents(File file) { | |||
protected File getLastFile() { | |||
File file = new File(".schemaInfo"); | |||
if (file.exists()) { | |||
// Some comments here and there | |||
String path = getFileContents(file).replaceAll("\n", ""); | |||
return new File(path); |
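Review bot: `return new File(path);` at the end of this hunk builds a file path directly from the contents of `.schemaInfo` with no validation, which is the data flow the SAST comment on this PR reports (`br.readLine()` through `getFileContents(file).replaceAll("\n", "")` into `path`). Suggest normalizing the value and checking that it stays under the directory the schema file is expected to live in before constructing the `File`, or rejecting it otherwise. Separately, the added line `// Some comments here and there` carries no information; a comment here should say what `.schemaInfo` holds and why its first line is trusted as a path.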
🎯 Static Application Security Testing (SAST) Vulnerability
Overview
Path traversal, also known as directory traversal, is a type of vulnerability that allows an attacker to access files or directories on a computer or device that are outside of the intended directory. Allowing arbitrary read access can allow the attacker to read sensitive files, such as configuration files or sensitive data, potentially leading to data loss or even system compromise. Allowing arbitrary write access is more severe and in most cases leads to arbitrary code execution, via editing important system files or sensitive data.
Vulnerable example
```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.FileUtils;

public class path_traversal_vuln {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String DOCS_FOLDER = "/srv/www/docs";
        // Attacker-controlled file name, joined onto the base folder without any check
        String docName = request.getParameter("doc");
        Path docPath = Paths.get(DOCS_FOLDER, docName);
        File docFile = docPath.toFile();
        FileUtils.copyFile(docFile, response.getOutputStream());
    }
}
```
In this example, an attacker can inject a relative path containing "../../", which backs out of the intended folder and reaches anywhere in the file system.
Remediation
```diff
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.io.FileUtils;

 public class path_traversal_safe {
     protected void doGet(HttpServletRequest request, HttpServletResponse response)
             throws ServletException, IOException {
         String DOCS_FOLDER = "/srv/www/docs";
         String docName = request.getParameter("doc");
         Path docPath = Paths.get(DOCS_FOLDER, docName);
+        // Collapse "." and ".." elements before checking where the path points
+        Path normDocPath = docPath.normalize();
+        // Make sure the normalized path resides in the desired dir
+        if (normDocPath.startsWith(DOCS_FOLDER)) {
             File docFile = docPath.toFile();
             FileUtils.copyFile(docFile, response.getOutputStream());
+        }
     }
 }
```
By checking that the folder name still starts with the predefined prefix, we make sure that the attacker is not able to back-path outside of the allowed folder.
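The remediation above checks containment lexically with `normalize()` and `Path.startsWith`. The following is an added example, not code from this PR or from Frogbot, that packages the same check into a reusable helper (the class name `SafePathResolver` and the sample inputs are constructed for illustration) and extends it in two ways the remediation does not show: it uses `Path.resolve` so that an absolute user-supplied name such as `/etc/passwd` is also rejected, and it offers a `toRealPath()` variant for files that already exist, since `normalize()` does not follow symbolic links.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Hypothetical helper (added example): confines a user-supplied file name to a base directory.
public class SafePathResolver {
    private final Path baseDir;

    public SafePathResolver(String baseDir) {
        // Absolute and normalized so that startsWith compares like with like
        this.baseDir = Paths.get(baseDir).toAbsolutePath().normalize();
    }

    /** Returns the resolved path if it stays inside baseDir, or null if it escapes. */
    public Path resolveInside(String userSupplied) {
        if (userSupplied == null || userSupplied.isEmpty()) {
            return null;
        }
        // resolve() returns the argument unchanged when it is absolute, so an
        // absolute input ends up outside baseDir and fails the check below.
        Path candidate = baseDir.resolve(userSupplied).normalize();
        // Path.startsWith compares whole name elements, so a base of /srv/www/docs
        // does not accept /srv/www/docs-old/x (a String.startsWith check would).
        if (!candidate.startsWith(baseDir)) {
            return null;
        }
        return candidate;
    }

    /** Stronger variant for existing files: follows symlinks before checking containment. */
    public Path resolveRealInside(String userSupplied) throws IOException {
        Path candidate = resolveInside(userSupplied);
        if (candidate == null) {
            return null;
        }
        // toRealPath() throws NoSuchFileException if the file does not exist
        Path real = candidate.toRealPath();
        Path realBase = baseDir.toRealPath();
        return real.startsWith(realBase) ? real : null;
    }

    public static void main(String[] args) {
        SafePathResolver resolver = new SafePathResolver("/srv/www/docs");
        // Constructed sample inputs: two that should be accepted, three that should be rejected
        List<String> inputs = List.of(
                "manual.pdf",
                "sub/dir/file.txt",
                "../../etc/passwd",
                "/etc/passwd",
                "sub/../../escape");
        for (String in : inputs) {
            Path p = resolver.resolveInside(in);
            System.out.println(in + " -> " + (p == null ? "REJECTED" : p));
        }
    }
}
```

With the base directory `/srv/www/docs`, `../../etc/passwd` normalizes to `/srv/etc/passwd`, `sub/../../escape` to `/srv/www/escape`, and `/etc/passwd` stays as is; none of these start with the base and all are rejected, while `manual.pdf` and `sub/dir/file.txt` resolve to paths under the base and are returned. Use `resolveRealInside` when the target must exist and the base directory may contain symlinks, because the lexical check alone cannot see where a link points.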
Code Flows
Vulnerable data flow analysis result (all steps in pentaho-aggdesigner-ui/src/main/java/org/pentaho/aggdes/ui/ext/impl/MondrianFileSchemaProvider.java):
1. `br.readLine()` (line 153)
2. `line` (line 153)
3. `line` (line 154)
4. `line + "\n"` (line 154)
5. `sb.append(line + "\n")` (line 154)
6. `sb` (line 154)
7. `sb` (line 156)
8. `sb.toString()` (line 156)
9. `return sb.toString();` (line 156)
10. `getFileContents(file)` (line 170)
11. `getFileContents(file).replaceAll("\n", "")` (line 170)
12. `path` (line 170)
13. `path` (line 171)
No description provided.