Class: Aikido::Zen::Scanners::PathTraversalScanner

Inherits:
Object
Defined in:
lib/aikido/zen/scanners/path_traversal_scanner.rb

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(filepath, input) ⇒ PathTraversalScanner

Returns a new instance of PathTraversalScanner. Both the file path and the user input are lowercased on construction, so the comparisons made in #attack? are case-insensitive.



# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 42

def initialize(filepath, input)
  @filepath = filepath.downcase
  @input = input.downcase
end

Class Method Details

.call(scan:, sink:, context:, filepath:, operation:) ⇒ Aikido::Zen::Attacks::PathTraversalAttack?

Checks whether user-supplied input is trying to reach a path other than the intended one by means of a path traversal attack. Every payload in the context is run through #attack? against the given file path, and the first payload that matches is reported.

Parameters:

  • scan (Aikido::Zen::Scan)

    the running scan; an error raised while checking a payload is tracked on it rather than propagated.

  • sink (Aikido::Zen::Sink)

    the Sink that is running the scan.

  • context (Aikido::Zen::Context)

    the request context whose payloads are checked.

  • filepath (String)

    the expanded path that is about to be accessed.

  • operation (Symbol, String)

    name of the method being scanned.

Returns:

  • (Aikido::Zen::Attacks::PathTraversalAttack, nil)

    an Attack if the user input is detected to be attempting a Path Traversal attack, or nil if not.

# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 23

def self.call(scan:, sink:, context:, filepath:, operation:)
  context.payloads.each do |payload|
    next unless new(filepath, payload.value.to_s).attack?

    return Attacks::PathTraversalAttack.new(
      sink: sink,
      input: payload,
      filepath: filepath,
      context: context,
      operation: "#{sink.operation}.#{operation}",
      stack: Aikido::Zen.clean_stack_trace
    )
  rescue => error
    scan.track_error(error, self)
  end

  nil
end

.skips_on_nil_context? ⇒ Boolean

Returns:

  • (Boolean)

    true: .call reads the payloads to check from the context, so there is nothing to scan when no context is available and the scanner is skipped.


# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 8

def self.skips_on_nil_context?
  true
end

Instance Method Details

#attack? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 47

def attack?
  # Single characters are ignored because they don't pose a big threat.
  return false if @input.length <= 1

  # We ignore cases where the user input is longer than the file path,
  # because then the user input can't be part of the file path.
  return false if @input.length > @filepath.length

  # We ignore cases where the user input is not part of the file path.
  return false unless @filepath.include?(@input)

  if PathTraversal::Helpers.include_unsafe_path_parts?(@filepath) && PathTraversal::Helpers.include_unsafe_path_parts?(@input)
    return true
  end

  # Check for absolute path traversal
  PathTraversal::Helpers.start_with_unsafe_path?(@filepath, @input)
end
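To make the decision logic of .call and #attack? concrete, the following is an added, self-contained Ruby example written for this page; it is not Aikido::Zen's own code. The page does not show PathTraversal::Helpers, so the two helper methods below are assumptions about what such helpers check (a ".." step in either separator style, and a shared dangerous absolute prefix); the constants, module name and sample paths are likewise constructed for illustration.

```ruby
# Added example: an approximation of PathTraversalScanner's decision logic.
# Not the gem's code. The two helpers are assumptions standing in for
# PathTraversal::Helpers, whose implementation is not shown on this page.
module DemoPathTraversal
  # Assumed stand-in for include_unsafe_path_parts?: a string is unsafe when
  # it carries a parent-directory step, with either separator style.
  UNSAFE_PARTS = ["../", "..\\"].freeze

  # Assumed stand-in for start_with_unsafe_path?: absolute prefixes that user
  # input should never be allowed to supply directly.
  DANGEROUS_STARTS = [
    "/bin/", "/boot/", "/dev/", "/etc/", "/home/", "/lib/", "/proc/",
    "/root/", "/tmp/", "/usr/", "/var/", "c:/", "c:\\"
  ].freeze

  def self.include_unsafe_path_parts?(str)
    UNSAFE_PARTS.any? { |part| str.include?(part) }
  end

  # Absolute-path traversal: both the final path and the user input begin
  # with the same dangerous prefix, i.e. the input dictated the root.
  def self.start_with_unsafe_path?(filepath, input)
    DANGEROUS_STARTS.any? do |start|
      filepath.start_with?(start) && input.start_with?(start)
    end
  end

  # Mirrors the guard ordering of PathTraversalScanner#attack?, including
  # the lowercasing done by its constructor.
  def self.attack?(filepath, input)
    filepath = filepath.downcase
    input = input.downcase

    return false if input.length <= 1              # single chars ignored
    return false if input.length > filepath.length # can't be a substring
    return false unless filepath.include?(input)   # input must appear verbatim

    return true if include_unsafe_path_parts?(filepath) &&
                   include_unsafe_path_parts?(input)

    start_with_unsafe_path?(filepath, input)
  end

  # Mirrors .call: walk the request payloads and report the first one that
  # is flagged, or nil when none is.
  def self.first_attack(filepath, payloads)
    payloads.find { |payload| attack?(filepath, payload.to_s) }
  end
end

# Constructed sample inputs (not real traffic) showing each branch.
if __FILE__ == $0
  [
    ["/var/www/uploads/../../etc/passwd", "../../etc/passwd"],  # relative
    ["/etc/passwd", "/ETC/passwd"],                             # absolute, mixed case
    ["c:\\inetpub\\..\\..\\windows\\win.ini", "..\\..\\windows\\win.ini"],
    ["/var/www/uploads/report.pdf", "report.pdf"],              # benign
    ["/var/www/uploads/report.pdf", "/"],                       # single char
    ["/var/www/uploads/x", "../../../../etc/passwd"]            # input longer than path
  ].each do |filepath, input|
    puts "#{DemoPathTraversal.attack?(filepath, input) ? 'ATTACK ' : 'ok     '} #{input.inspect} in #{filepath.inspect}"
  end
end
```

Two things worth noting from the guards: the substring check means the scanner only fires when the user input still appears verbatim inside the path handed to it, so a path that has already been normalised away from the raw input will not match on the relative branch; and a relative payload longer than the path it was joined into is dismissed before any traversal pattern is examined.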