Commits on Jul 29, 2022

1. vuln-fix: Partial Path Traversal Vulnerability …

   This fixes a partial path traversal vulnerability.
   
   Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.
   
   To demonstrate this vulnerability, consider `"/usr/outnot".startsWith("/usr/out")`.
   The check is bypassed although `/outnot` is not under the `/out` directory.
   It's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object.
   For example, on Linux, `println(new File("/var"))` will print `/var`, but `println(new File("/var", "/")` will print `/var/`;
   however, `println(new File("/var", "/").getCanonicalPath())` will print `/var`.
   
   Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
   Severity: Medium
   CVSSS: 6.1
   Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)
   
   Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
   Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
   
   Bug-tracker: JLLeitschuh/security-research#13
   
   Co-authored-by: Moderne <team@moderne.io>

   

   JLLeitschuh and TeamModerne committed Jul 29, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for 81ea13d
   • Browse repository at this point

   Copy the full SHA

   81ea13d View commit details

   Browse the repository at this point in the history

2. Update AbstractFileSource.java

   

   JLLeitschuh committed Jul 29, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for 3f38427
   • Browse repository at this point

   Copy the full SHA

   3f38427 View commit details

   Browse the repository at this point in the history