This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
The '.../...//' manipulation is useful for bypassing some path traversal protection schemes. If "../" is filtered in a sequential fashion, as done by some regular expression engines, then ".../...//" can collapse into the "../" unsafe value (CWE-182). Removing the first "../" yields "....//"; the second removal yields "../". Depending on the algorithm, the software could be susceptible toCWE-34但不是CWE-35, or vice versa.
Relevant to the view "Research Concepts" (CWE-1000)
自然
Type
ID
名称
Childof
根据- a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
根据- a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
chain: ".../...//" bypasses protection mechanism using regexp's that remove "../" resulting in collapse into an unsafe value "../" (CWE-182)和由此产生的路径遍历。
When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such asCWE-23,并排除目录分离器,例如“/”以避免CWE-36。使用允许文件扩展名的列表,这将有助于避免CWE-434。
不要仅仅依靠去除潜在危险字符的过滤机制。这等同于派符者,这可能是不完整的(CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Effectiveness: High
Phase: Implementation
策略:输入验证
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
自然
Type
ID
名称
MemberOf
Category - a CWE entry that contains a set of other entries that share a common characteristic.
Description
该表显示了与该弱点相关的弱点和高级类别。这些关系定义为childof,parentof,ementof,并深入了解可能存在于较高和较低抽象水平的类似项目。此外,定义了诸如Peerof和Canalsobe之类的关系,以显示用户可能想要探索的类似弱点。
