A Simple and Intuitive Algorithm for Preventing Directory Traversal Attacks
share
With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities, such as directory traversal attacks, have varying defense mechanisms and mitigations that can be difficult to understand, analyze, and test. Gaps in the testing of these directory traversal defense mechanisms can lead to vulnerabilities that allow attackers to read sensitive data from files or even execute malicious code. This paper presents an analysis of some currently used directory traversal attack defenses and presents a new, stack-based algorithm to help prevent these attacks by safely canonicalizing user-supplied path strings. The goal of this algorithm is to be small, easy to test, cross-platform compatible, and above all, intuitive. We provide a proof of correctness and verification strategies using symbolic execution for the algorithm. We hope that the algorithm is simple and effective enough to help move developers towards a unified defense against directory traversal attacks.
READ FULL TEXT