| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
These functions can be used to delete the files if the data inside the functions are user controlled. Use these functions carefully.
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
User input from HTTP requests is being used directly as a file path in the open() function without validation or sanitization. This allows attackers to craft requests that access files outside the intended directory, leading to a path traversal vulnerability.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
User input from HTTP requests is being used directly to select files for FileResponse, without validation. This lets attackers specify any file path, potentially accessing files they shouldn’t be able to.
An attacker could exploit this to read sensitive files from your server, such as configuration files, user data, or credentials, leading to data breaches or system compromise. This could expose confidential business or personal information and violate security or privacy policies.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
The code uses user-supplied input from a web request directly as a file path in the open() function without proper validation or sanitization. This allows attackers to manipulate the file path and potentially access files outside the intended directory.
| Property | |
|---|---|
| Language | |
| Severity |  |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
User input from a web request is being used directly to build file paths with os.path.join() and then passed to open(). This allows attackers to manipulate the file path and potentially access files outside the intended directory.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
User input from HTTP requests is being used directly in file names without proper validation or sanitization, allowing attackers to manipulate file paths. This can let them access or overwrite files outside the intended directory.
| Property | |
|---|---|
| Language |  |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Enabling config.serve_static_assets in a Rails application allows users to request files outside the app’s root directory, exposing sensitive files on the server. This misconfiguration can let attackers probe and access unintended files.
If exploited, attackers could discover the presence of sensitive files or even access confidential data stored outside the application’s intended directory. This could lead to data leaks, exposure of configuration files, or aid further attacks on the server.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
The code uses user-supplied input (such as from params, cookies, or request environment) directly in FTP file operations. This allows attackers to control which files are accessed or modified on the server.
If exploited, an attacker could read, overwrite, or delete arbitrary files on the server via FTP, potentially exposing sensitive data or disrupting application functionality. This could lead to data breaches or loss of system integrity.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
The code is using user input (such as parameters, cookies, or request data) directly in file or directory operations. This allows attackers to control file paths and potentially access or modify files they shouldn’t.
An attacker could read, modify, or delete sensitive files on the server, leading to data breaches, service disruption, or escalation of privileges. This exposes the application and its users to significant risk, including unauthorized access to confidential information.
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Avoid rendering user input. It may be possible for a malicious user to input a path that lets them access a template they shouldn’t. To prevent this, check dynamic template paths against a predefined allowlist to make sure it’s an allowed template.