path-traversal

Filtering upwards path traversal in Java (or Scala) [closed]

折月煮酒 submitted on 2019-12-08 15:02:31
Question: Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all other convoluted forms of upwards directory traversal, to safeguard a file path API input from traversing upwards of a given "root" path? I have a class that contains a root folder

What's the best way to defend against a path traversal attack?

萝らか妹 submitted on 2019-11-30 12:40:15
Question: I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be available. My best attempt at defending so far is to reject any entries that match File.isAbsolute() and then rely on File.getCanonicalPath() to resolve any ../ and ./ components out of the path. Finally I ensure that the resulting path is still within the required root directory of my server: public

What's the best way to defend against a path traversal attack?

一世执手 submitted on 2019-11-30 03:11:26
I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be available. My best attempt at defending so far is to reject any entries that match File.isAbsolute() and then rely on File.getCanonicalPath() to resolve any ../ and ./ components out of the path. Finally I ensure that the resulting path is still within the required root directory of my server: public String sanitize(final File dir, final String entry) throws IOException { if (entry.length() == 0) {