Improper limitation of a pathname to a restricted directory ('Path Traversal')
ID | scala.inject.scala_inject_rule_pathtraversalout
Severity | low
Resource | Inject
Language | Scala
Description
This rule flags code that opens a file for writing when the filename comes from an input parameter. If an unfiltered parameter is passed to the file API, files at an arbitrary filesystem location could be modified. The rule identifies potential path traversal vulnerabilities; in many cases, the constructed file path cannot be controlled by the user.
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
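The pattern this rule flags, next to a hardened version, as an added example that is not part of the rule's own documentation. The base directory `/var/app/uploads`, the object name, and the function names are assumptions chosen for illustration.

```scala
import java.nio.charset.StandardCharsets
import java.nio.file.{Files, Path, Paths}
import scala.util.{Success, Try}

object PathTraversalOut {
  // Hypothetical directory that every write must stay inside.
  private val baseDir: Path = Paths.get("/var/app/uploads").toAbsolutePath.normalize()

  // Flagged pattern: the input parameter reaches the file API unfiltered, so a
  // name containing ".." segments resolves to a location outside baseDir.
  def writeUnsafe(name: String, data: String): Path =
    Files.write(Paths.get(baseDir.toString, name), data.getBytes(StandardCharsets.UTF_8))

  // Resolve the name against baseDir, collapse "." and ".." lexically, and
  // accept the result only if it is still strictly below baseDir.
  def resolveInside(name: String): Either[String, Path] =
    if (name.isEmpty || name.indexOf('\u0000') >= 0) Left("invalid file name")
    else {
      // resolve() returns an absolute input unchanged; startsWith rejects it.
      val candidate = baseDir.resolve(name).normalize()
      if (candidate.startsWith(baseDir) && candidate != baseDir) Right(candidate)
      else Left(s"path escapes $baseDir")
    }

  def writeSafe(name: String, data: String): Either[String, Path] =
    resolveInside(name).flatMap { target =>
      // normalize() is lexical only; toRealPath() follows symlinks, so a
      // symlinked directory under baseDir cannot redirect the write.
      Try(target.getParent.toRealPath().startsWith(baseDir.toRealPath())) match {
        case Success(true) =>
          Right(Files.write(target, data.getBytes(StandardCharsets.UTF_8)))
        case _ =>
          Left("parent directory missing or outside base directory")
      }
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs; only the path check runs, nothing is written.
    val samples = Seq("report.txt", "2024/report.txt", "../../etc/cron.d/job", "/etc/passwd", "")
    samples.foreach(n => println(f"'$n%-22s -> ${resolveInside(n)}"))
  }
}
```

`Path.startsWith` compares whole path components, so a sibling directory such as `/var/app/uploads2` is not accepted as a prefix match the way a string comparison would accept it.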
References
- OWASP Top 10 2021 - A5 : Broken Access Control.
- OWASP Top 10 2021 - A01 : Broken Access Control.