Unsanitized user input in file path

Description

Unsanitized user input in file paths can compromise your system's security. This vulnerability arises when user input is directly used to construct file names or paths without proper sanitization, potentially leading to path manipulation. Attackers could exploit this to access files or directories outside the intended scope, posing a significant security risk.

Remediations

  • Do not use unsanitized user input to construct file paths or filenames. This can open up your application to path manipulation attacks.
  • Do validate and sanitize user input before using it in file paths.
  • Do ensure that the constructed path is within the intended directory. For example, restrict user input to a predefined list of allowed values when constructing file paths. This limits the scope of accessible resources to only those explicitly permitted.
  • Do use file path manipulation methods to verify and constrain the path appropriately.
    # File.expand_path resolves "..", "." and redundant separators before the check.
    path = File.expand_path("/home/" + params[:resource_name])
    # Keep the trailing slash in the prefix so "/home2/..." is not accepted.
    if path.start_with?("/home/")
      Dir.chdir(path)
    else
      # Handle unexpected path
    end
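The following is an added example, not code from the Bearer rule page or from Bearer itself. It turns the remediation bullets above into three reusable checks: a lexical containment check built on File.expand_path, an allowlist lookup that never lets the user supply path characters, and a symlink-aware variant built on File.realpath for cases where the base directory may contain links. The base directories, the allowlist contents and the sample inputs are assumed values chosen for the example.

```ruby
# Added example (not Bearer's code): keeping a user-supplied path segment
# inside an intended base directory.
require "tmpdir"
require "fileutils"

# Lexical check: expand the candidate relative to the base directory and
# require the result to stay under it. The appended separator prevents a
# base of "/home" from accepting "/home2/...". Returns the absolute path
# or nil when the input escapes the base.
def contained_path(base, user_input)
  base = File.expand_path(base)
  candidate = File.expand_path(user_input, base)
  candidate.start_with?(base + File::SEPARATOR) ? candidate : nil
rescue ArgumentError
  nil # e.g. an embedded null byte in the input
end

# Allowlist check: the user picks a key, never a file name, so path
# characters in the input can never reach the filesystem. (Assumed values.)
ALLOWED_RESOURCES = { "invoice" => "invoice.pdf", "manual" => "manual.pdf" }.freeze

def allowlisted_path(base, resource_name)
  file = ALLOWED_RESOURCES[resource_name]
  file && File.join(File.expand_path(base), file)
end

# Symlink-aware check: File.realpath follows links, so a link inside the
# base that points outside it is rejected. The target must already exist;
# a missing file is treated as not contained.
def real_contained_path(base, user_input)
  real_base = File.realpath(base)
  candidate = File.realpath(user_input, real_base)
  candidate.start_with?(real_base + File::SEPARATOR) ? candidate : nil
rescue Errno::ENOENT, Errno::ENOTDIR, ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs a request parameter might carry.
  ["alice/notes.txt", "../etc/passwd", "/etc/passwd", "../home2/x", ""].each do |input|
    puts "#{input.inspect} -> #{contained_path('/home', input).inspect}"
  end
  puts allowlisted_path("/srv/docs", "invoice")
  puts allowlisted_path("/srv/docs", "../x").inspect

  # Symlink demonstration in a throwaway directory.
  Dir.mktmpdir do |dir|
    FileUtils.mkdir_p(File.join(dir, "pub"))
    File.write(File.join(dir, "secret.txt"), "s")
    File.write(File.join(dir, "pub", "ok.txt"), "ok")
    File.symlink(File.join(dir, "secret.txt"), File.join(dir, "pub", "link"))
    base = File.join(dir, "pub")
    puts real_contained_path(base, "ok.txt").inspect
    puts real_contained_path(base, "link").inspect
  end
end
```

The lexical check is enough when the base directory is fully controlled and contains no symlinks; when files under the base can be links (user uploads, extracted archives), use the realpath variant, since File.expand_path only normalizes the string and never consults the filesystem.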

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_lang_path_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_lang_path_using_user_input