A Simple and Intuitive Algorithm for Preventing Directory Traversal Attacks
This addresses security vulnerabilities for web developers by offering an incremental improvement in defense mechanisms against directory traversal attacks.
The paper tackles the problem of directory traversal attacks in web applications by proposing a new stack-based algorithm for safely canonicalizing user-supplied path strings, with a proof of correctness and verification using symbolic execution to ensure it is simple, testable, and cross-platform compatible.
With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities, such as directory traversal attacks, have varying defense mechanisms and mitigations that can be difficult to understand, analyze, and test. Gaps in the testing of these directory traversal defense mechanisms can lead to vulnerabilities that allow attackers to read sensitive data from files or even execute malicious code. This paper presents an analysis of some currently used directory traversal attack defenses and presents a new, stack-based algorithm to help prevent these attacks by safely canonicalizing user-supplied path strings. The goal of this algorithm is to be small, easy to test, cross-platform compatible, and above all, intuitive. We provide a proof of correctness and verification strategies using symbolic execution for the algorithm. We hope that the algorithm is simple and effective enough to help move developers towards a unified defense against directory traversal attacks.