Unsanitized user input in file path

  • Rule ID: javascript_express_path_traversal
  • Languages: javascript
  • Source: path_traversal.yml

Description

Using unsanitized user input to construct file paths can allow attackers to reach files and directories outside the location the application intended to expose, for example by supplying ../ segments or an absolute path. This vulnerability, known as path traversal, lets an attacker read (and, depending on the operation, write or delete) arbitrary files the process can access.

Remediations

  • Do not use user input directly in file path construction. A request parameter concatenated into a path can name any file the process is allowed to open.
  • Do sanitize user input before using it in path resolution. Remove traversal sequences such as ../ and ..\ before the value reaches the file system. Note that the regex below only strips sequences at the start of the string; an input such as foo/../../etc/passwd passes it unchanged, so sanitization is a first filter, not the control that prevents traversal.
    var sanitizedPath = userInput.replace(/^(\.\.(\/|\\|$))+/, '');
  • Do check for and reject any instance of the poison NULL byte in user input. It arrives URL-encoded as %00 and, once Express has decoded the parameter, as the character \0. Node's fs functions refuse paths containing a NUL byte, but checks performed earlier (for example on a file extension) can be fooled by it, so reject it as soon as the input is received.
    if (userInput.indexOf('\0') !== -1) {
      // Handle or reject the input
    }
  • Do validate the final path before accessing the file system: resolve it to an absolute path against a fixed base directory (for example with path.resolve) and confirm the result still lies inside that directory. This check catches both relative traversal and absolute paths that bypass the sanitization step.

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_path_traversal

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_path_traversal