CME-1301
Path Traversal Prevention (Canonicalization)
Description
Application-level path validation that canonicalizes user-supplied paths (resolving symlinks, ../ and ./ components, and relative references) and verifies that the resolved path falls within an allowed base directory. Absolute path injection and directory traversal sequences are rejected before any filesystem operation. Because the containment check runs on the resolved path rather than on the raw input, it also catches symlinks inside the allowed directory that point outside it and traversal written in forms a pattern match on "../" would miss. Prevents attackers from reading or writing files outside intended directories.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Attack Complexity (AC) | L → H | Traversal payloads (../, absolute paths) are rejected before reaching filesystem operations |
| Confidentiality (C) | H → L | File read confined to allowed directory; sensitive files outside base path are unreachable |
CWE Relationships
Verification
Test the application with path traversal payloads (../ sequences, absolute paths, symlinks placed inside the allowed directory) and verify they are rejected; inspect the source to confirm canonicalization happens before every file access and is followed by a containment check against the base directory
$ grep -rn 'os.path.realpath\|pathlib.*resolve\|os.path.abspath' <app_source>/
# Expected: Path canonicalization calls present before file operations
Platform: any
$ grep -rn 'startswith\|is_relative_to' <app_source>/
# Expected: Base directory containment check present after canonicalization
# Caveat: a bare startswith() on the base path without a trailing separator also matches sibling directories that share the prefix (uploads vs uploads_private); prefer is_relative_to or compare against base plus os.sep
Platform: any
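The following is an added example illustrating both the Description (canonicalize, then check containment) and the Verification steps (run traversal payloads and confirm rejection). It is not code from the original entry; the directory layout, file names and payload list are constructed for the demonstration, and naive_prefix_check is a hypothetical broken variant included only for contrast with the startswith caveat above. Requires Python 3.9+ for Path.is_relative_to and a platform that permits creating symlinks.

```python
import os
import tempfile
from pathlib import Path


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Canonicalize user_path under base_dir and verify containment.

    resolve() collapses '..' and '.' components and follows symlinks, so
    the containment check below runs on the real filesystem location,
    not on the attacker-controlled string. An absolute user_path replaces
    base when joined by pathlib, so it fails the same check rather than
    needing a separate filter. Raises ValueError on escape.
    """
    base = Path(base_dir).resolve(strict=True)
    candidate = (base / user_path).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def naive_prefix_check(base_dir: str, user_path: str) -> bool:
    """Hypothetical broken variant kept for contrast: canonicalization is
    correct, but the plain string prefix test has no trailing separator,
    so a sibling directory whose name starts with the base name passes."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    return candidate.startswith(base)


def run_payload_checks() -> dict:
    """Build a constructed layout in a fresh temp dir and run traversal
    payloads through safe_resolve. Returns {payload: 'accepted'|'rejected'}
    plus a flag showing the naive prefix check being bypassed."""
    root = Path(tempfile.mkdtemp())
    base = root / "uploads"
    sibling = root / "uploads_private"  # shares a name prefix with base
    base.mkdir()
    sibling.mkdir()
    (base / "report.txt").write_text("public")
    (sibling / "secret.txt").write_text("secret")
    # A symlink inside the allowed directory that points outside it.
    (base / "link").symlink_to(sibling / "secret.txt")

    payloads = [
        "report.txt",                                # legitimate file
        "sub/../report.txt",                         # harmless relative noise
        "../uploads_private/secret.txt",             # classic dot-dot traversal
        "/etc/passwd",                               # absolute path injection
        "link",                                      # symlink escape
        "../uploads_private/../uploads/report.txt",  # leaves and comes back inside
    ]
    results = {}
    for p in payloads:
        try:
            safe_resolve(str(base), p)
            results[p] = "accepted"
        except ValueError:
            results[p] = "rejected"
    # The prefix-only check wrongly admits the sibling-directory payload.
    results["naive_prefix_bypass"] = naive_prefix_check(
        str(base), "../uploads_private/secret.txt")
    return results


if __name__ == "__main__":
    for payload, outcome in run_payload_checks().items():
        print(f"{payload!s:45} {outcome}")
```

The last payload is worth noting when writing test cases: a filter that rejects any input containing "../" would refuse it, while canonicalization correctly accepts it because the resolved path is inside the base directory. Conversely, the "link" payload contains no traversal characters at all and is only caught because the check runs after symlink resolution.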