Fortify Vulnerabilities: Path Manipulation

This article continues the series summarizing vulnerabilities reported by Fortify. It covers Path Manipulation (path tampering), as follows:

1. Path Manipulation                        

1.1. Reasons:

A path manipulation error occurs when the following two conditions are met:

1. An attacker can specify a path used in a file system operation.

2. By specifying the resource, the attacker gains a capability that would not be permitted under normal circumstances.

For example, the program may give the attacker the ability to overwrite a specified file, or to run with a configuration the attacker controls.

Example 1: The following code uses input from an HTTP request to create a filename. The programmer did not consider that an attacker might supply a filename such as "../../tomcat/conf/server.xml", causing the application to delete its own configuration file.

// reportName comes straight from the request and is concatenated into the path unchecked
String rName = request.getParameter("reportName");
File rFile = new File("/usr/local/apfr/reports/" + rName);
...
rFile.delete();

 

Example 2: The following code uses input from a configuration file to decide which file to open and return to the user. If the program runs with sufficient privileges and a malicious user is able to tamper with the configuration file, they can use the program to read any file on the system that ends with a .txt extension.

fis = new FileInputStream(cfg.getProperty("sub")+".txt");
amt = fis.read(arr);
out.println(arr);

1.2. Repair plan:

Option 1: Create a list of legal resource names and only let the user select a name from that list. This way the user never specifies the resource name directly.

In some cases this approach is not feasible, because the list of legitimate resource names is too large to maintain. Programmers then usually fall back on Option 2, which filters the path with both a blacklist and a whitelist.

Option 2: Before the input is used, a blacklist selectively rejects or escapes potentially dangerous characters (for example, the following example filters the .. sequence). A whitelist of characters allowed in resource names is also created, and only input consisting entirely of these approved characters is accepted.

Figure 1.2.1: Whitelisted characters for legal paths

Figure 1.2.2: Illegal character public method for filtering paths
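
The following is an added example, not the article's own code from the figures above: one way to write the Option 2 double filter in Java for the report directory from Example 1. The class name, the whitelist pattern and the 128-character limit are assumptions, and the final containment check on the normalized path goes one step beyond the blacklist and whitelist described above.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class ReportPathFilter {
    // Base directory taken from Example 1 on this page.
    private static final Path BASE = Paths.get("/usr/local/apfr/reports").normalize();
    // Whitelist (assumed policy): letters, digits, '_' and '-', separated by single dots.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+)*");
    // Blacklist: sequences and characters that change which directory is addressed.
    private static final String[] REJECTED = {"..", "/", "\\", "\0"};

    /** Returns the validated path, or throws if the name fails any check. */
    static Path resolveReport(String name) {
        // The length limit of 128 is an assumed value for this example.
        if (name == null || name.isEmpty() || name.length() > 128) {
            throw new IllegalArgumentException("missing or oversized report name");
        }
        for (String bad : REJECTED) {
            if (name.contains(bad)) {
                throw new IllegalArgumentException("rejected sequence in report name");
            }
        }
        if (!ALLOWED.matcher(name).matches()) {
            throw new IllegalArgumentException("character outside the whitelist");
        }
        // Containment check: the normalized result must be a file inside BASE.
        Path target = BASE.resolve(name).normalize();
        if (!target.startsWith(BASE) || target.equals(BASE)) {
            throw new IllegalArgumentException("path escapes the report directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is the filename quoted in Example 1.
        String[] samples = {"q3-summary.pdf", "../../tomcat/conf/server.xml",
                            "report..txt", "sub/dir.txt", "weekly_2024.txt"};
        for (String s : samples) {
            try {
                System.out.println("ACCEPT " + s + " -> " + resolveReport(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

In Example 1 the request parameter would be passed through `resolveReport` before `new File(...)` is built, so `rFile.delete()` only ever sees a name that passed all three checks.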
