/
jax-rs-path-traversal.yaml
44 lines (44 loc) · 1.33 KB
/
jax-rs-path-traversal.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
rules:
- id: jax-rs-path-traversal
metadata:
owasp:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
cwe:
- "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
source-rule-url: https://find-sec-bugs.github.io/bugs.htm#PATH_TRAVERSAL_IN
references:
- https://www.owasp.org/index.php/Path_Traversal
category: security
technology:
- jax-rs
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- vuln
likelihood: LOW
impact: LOW
confidence: MEDIUM
message: >-
Detected a potential path traversal. A malicious actor
could control the location of this file, to include going backwards
in the directory with '../'. To address this, ensure that user-controlled
variables in file paths are sanitized. You may also consider using a utility
method such as org.apache.commons.io.FilenameUtils.getName(...) to only
retrieve the file name from the path.
severity: WARNING
languages:
- java
pattern-either:
- pattern: |
$RETURNTYPE $FUNC (..., @PathParam(...) $TYPE $VAR, ...) {
...
new File(..., $VAR, ...);
...
}
- pattern: |-
$RETURNTYPE $FUNC (..., @javax.ws.rs.PathParam(...) $TYPE $VAR, ...) {
...
new File(..., $VAR, ...);
...
}