Update PathTraversalVulnerability.java

Key Changes Explained: Enhanced security checks: Added checks to prevent Path Traversal attacks by verifying that the file name does not contain ".." and is within the list of allowed file names. Improved error handling: Changed the HTTP response codes to more accurately reflect the nature of the error (e.g., returning 404 Not Found for missing files and 403 Forbidden for unauthorized access attempts). Condition validation: Immediately returns a 400 Bad Request if the precondition is not met, which helps in quickly identifying issues with request parameters. Error Logging: Now logs different types of errors distinctly for better diagnostics.Key Changes Explained: Enhanced security checks: Added checks to prevent Path Traversal attacks by verifying that the file name does not contain ".." and is within the list of allowed file names. Improved error handling: Changed the HTTP response codes to more accurately reflect the nature of the error (e.g., returning 404 Not Found for missing files and 403 Forbidden for unauthorized access attempts). Condition validation: Immediately returns a 400 Bad Request if the precondition is not met, which helps in quickly identifying issues with request parameters. Error Logging: Now logs different types of errors distinctly for better diagnostics.
SasanLabs · Apr 30, 2024 · e69c9a7 · e69c9a7
1 parent 928f79f
commit e69c9a7
Showing 1 changed file with 25 additions and 21 deletions.
diff --git a/...in/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java b/...in/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
@@ -41,31 +41,35 @@ public class PathTraversalVulnerability {
             LogManager.getLogger(PathTraversalVulnerability.class);
 
     private static final String URL_PARAM_KEY = "fileName";
-
     private ResponseEntity<GenericVulnerabilityResponseBean<String>> readFile(
             Supplier<Boolean> condition, String fileName) {
-        if (condition.get()) {
-            InputStream infoFileStream =
-                    this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
-            if (infoFileStream != null) {
-                try (BufferedReader reader =
-                        new BufferedReader(new InputStreamReader(infoFileStream))) {
-                    String information = reader.readLine();
-                    StringBuilder payload = new StringBuilder();
-                    while (information != null) {
-                        payload.append(information);
-                        information = reader.readLine();
-                    }
-                    return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
-                            new GenericVulnerabilityResponseBean<>(payload.toString(), true),
-                            HttpStatus.OK);
-                } catch (IOException e) {
-                    LOGGER.error("Following error occurred: ", e);
-                }
+        if (!condition.get()) {
+            return ResponseEntity.badRequest().body(new GenericVulnerabilityResponseBean<>("Invalid request condition", false));
+        }
+
+        // Preventing Path Traversal and ensuring only allowed filenames are processed.
+        if (fileName.contains("..") || !ALLOWED_FILE_NAMES.contains(fileName)) {
+            LOGGER.error("Attempted access to restricted file: {}", fileName);
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new GenericVulnerabilityResponseBean<>("Access denied", false));
+        }
+
+        InputStream infoFileStream = this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
+        if (infoFileStream == null) {
+            LOGGER.error("File not found: {}", fileName);
+            return ResponseEntity.notFound().build();
+        }
+
+        try (BufferedReader reader = new BufferedReader(new InputStreamReader(infoFileStream))) {
+            StringBuilder payload = new StringBuilder();
+            String information;
+            while ((information = reader.readLine()) != null) {
+                payload.append(information);
             }
+            return ResponseEntity.ok(new GenericVulnerabilityResponseBean<>(payload.toString(), true));
+        } catch (IOException e) {
+            LOGGER.error("Error reading file: {}", fileName, e);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new GenericVulnerabilityResponseBean<>("Error reading file", false));
         }
-        return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
-                new GenericVulnerabilityResponseBean<>(), HttpStatus.OK);
     }
 
     @AttackVector(