
...
```perl
use Carp qw(croak);
use File::PathConvert qw(realpath $resolved);

sub work_with_image {
  my ($image_file) = @_; # untrusted
  # Canonicalize first: realpath() resolves symlinks and "..", or fails
  # and leaves the partial resolution in $resolved.
  $image_file = realpath("/img/$image_file") || croak "Resolution stopped at $resolved";
  # Validate the canonical path. The anchor matters: without it a path
  # that merely contains "/img/" somewhere (e.g. /other/img/x) would pass.
  if ($image_file !~ m|^/img/|) {
    croak "Image file not in /img";
  }
  open( my $image, "<", $image_file) or croak "Can't open $image_file";
  # ...
}
```
...
```perl
use Carp qw(croak);
use Cwd 'abs_path';

sub work_with_image {
  my ($image_file) = @_; # untrusted
  # Canonicalize first; abs_path() returns undef when resolution fails.
  $image_file = abs_path("/img/$image_file") || croak "Can't resolve $image_file";
  # Validate only the canonical path, anchored at the start of the string.
  if ($image_file !~ m|^/img/|) {
    croak "Image file not in /img";
  }
  open( my $image, "<", $image_file) or croak "Can't open $image_file";
  # ...
}
```
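To show why the prefix check must run on the canonical path rather than the assembled string, here is an added Perl example that is not part of the standard: it builds a throwaway directory tree with File::Temp and runs several constructed inputs through both orders of operation. The `safe_path_under` helper, the directory layout and the file names are hypothetical, and the symlink step assumes a POSIX system.

```perl
use strict;
use warnings;
use Carp qw(croak);
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Resolve $name relative to the canonical directory $base and accept it
# only if the resolved path lies beneath $base. Returns the canonical
# path or croaks. (Hypothetical helper, not from the standard.)
sub safe_path_under {
    my ($base, $name) = @_;
    my $resolved = abs_path("$base/$name")
        or croak "cannot resolve '$name' under $base";
    # Anchor at the start and require a separator after $base, so that
    # neither "/imgX/f" nor "/other/img/f" counts as being inside "/img".
    croak "'$name' resolves outside $base: $resolved"
        unless index($resolved, "$base/") == 0;
    return $resolved;
}

# Constructed fixture standing in for /img: one benign file, one symlink
# that escapes the directory, and a decoy "img" directory elsewhere that
# an unanchored substring match on "/img/" would accept.
my $root = abs_path(tempdir(CLEANUP => 1));
my $img  = "$root/img";
mkdir $_ or die "mkdir $_: $!" for $img, "$root/outside", "$root/outside/img";
for my $f ("$img/ok.png", "$root/outside/secret.txt", "$root/outside/img/decoy.png") {
    open my $fh, '>', $f or die "open $f: $!";
    close $fh;
}
symlink "$root/outside/secret.txt", "$img/link.png" or die "symlink: $!";

my @inputs = ('ok.png', '../outside/secret.txt', 'link.png', '../outside/img/decoy.png');
for my $name (@inputs) {
    # Noncompliant order: validate the prefix before canonicalizing.
    # Every input passes, because the prefix was just prepended.
    my $naive = ("$img/$name" =~ m|^\Q$img\E/|) ? 'passes' : 'fails';
    # Compliant order: canonicalize, then validate the result.
    my $path  = eval { safe_path_under($img, $name) };
    (my $err = $@) =~ s/ at .* line \d+\.\n\z//;
    printf "%-26s naive check %-6s canonical check: %s\n",
        $name, $naive, defined $path ? "accepted $path" : "rejected ($err)";
}
```

Only `ok.png` survives the canonical check; the traversal, the symlink and the decoy directory are all rejected even though the naive check passes every one of them.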
...
Producing canonical file names for Windows operating systems is extremely complex and beyond the scope of this standard. The best advice is to try to avoid making decisions on the basis of a path, directory, or file name [Howard 2002]. Alternatively, use operating system–based mechanisms, such as access control lists (ACLs) or other authorization techniques.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS00-PL | medium | unlikely | medium | P4 | L3 |
Automated Detection
Tool | Diagnostic | Notes |
---|---|---|
Taint mode | Insecure dependency in .*open | Detects only files open for writing. |
Security Reviewer - Static Reviewer | PERL_S91 | |
Related Guidelines
...
...
...
...
...
...
...
Bibliography
[CPAN] | Slaymaker, Barrie, File::PathConvert; Müller, Steffen, File::Spec |
[Howard 2002] | Chapter 11, "Canonical Representation Issues" |
[VU#764027] | zml.cgi does not adequately validate user input thereby allowing directory traversal |
[VU#806091] | Mike Spice's My Calendar does not adequately validate user input |
[Wall 2011] | Cwd |
...
...