Unsanitized user input in file path

• Rule ID: python_django_path_using_user_input
• Languages: python
• Source: path_using_user_input.yml

Description

Unsanitized user input in file path resolution can lead to security vulnerabilities. This issue arises when an application directly uses input from the user to determine file paths or names without proper validation or sanitization. Attackers can exploit this to access unauthorized files or directories, leading to data breaches or other security compromises.

Remediations

• Do not directly use user input in file paths without sanitization. This prevents attackers from manipulating file paths to access or manipulate unauthorized files.
• Do use a safelist to define accessible paths or directories. Only allow user input to influence file paths within these predefined, safe boundaries.
• Do sanitize user input used in file path resolution. For example, use absolute paths and check against the expected base directory

    BASE_DIRECTORY = '/path/to/safe/directory'
    my_path = os.path.abspath(os.path.join(BASE_DIRECTORY, user_input))
  
    if my_path.startswith(BASE_DIRECTORY):
      open(my_path)

• Do not use user input when creating an instance of a file storage class such as FileSystemStorage. Rather rely on the default configuration as set in settings.MEDIA_ROOT

    storage = FileSystemStorage(user_input) # unsafe

Associated CWE

• CWE-73: External Control of File Name or Path

OWASP Top 10

• A04:2021 - Insecure Design

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_django_path_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_django_path_using_user_input