Clean is not intended to sanitize against path traversal attacks. The function only finds the shortest path name equivalent to the given input; a relative input such as "../../etc/passwd" is returned unchanged. Using Clean to sanitize file reads may expose this application to path traversal attacks, where an attacker could read arbitrary files on the server. A simple fix is to anchor the path at "/" before cleaning it:
filepath.FromSlash(path.Clean("/"+strings.Trim(req.URL.Path, "/")))
A better solution is the SecureJoin function from the filepath-securejoin package. See https://pkg.go.dev/github.com/cyphar/filepath-securejoin#section-readme.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
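The following is an added example (not code from the rule or its author) that contrasts the flagged pattern with the suggested fix; the document root "/srv/www/static" and the request paths are constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// naiveTarget mirrors the pattern the rule flags: path.Clean on the raw
// request path is treated as sanitisation before joining under the root.
// Because Clean keeps leading ".." segments of a relative path, the join
// can climb out of root.
func naiveTarget(root, reqPath string) string {
	return filepath.Join(root, path.Clean(reqPath))
}

// fixedTarget applies the fix suggested above: anchoring the path at "/"
// before Clean makes ".." segments collapse against the root instead of
// escaping it.
func fixedTarget(root, reqPath string) string {
	cleaned := filepath.FromSlash(path.Clean("/" + strings.Trim(reqPath, "/")))
	return filepath.Join(root, cleaned)
}

// insideRoot reports whether target lies within root (or is root itself),
// which is the invariant a file-serving handler must preserve.
func insideRoot(root, target string) bool {
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

func main() {
	root := "/srv/www/static" // hypothetical document root
	for _, p := range []string{"css/site.css", "../../../etc/passwd"} {
		n, f := naiveTarget(root, p), fixedTarget(root, p)
		fmt.Printf("%-22s naive=%-25s inside=%-5v fixed=%-35s inside=%v\n",
			p, n, insideRoot(root, n), f, insideRoot(root, f))
	}
}
```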
File traversal when extracting zip archive
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
File creation in shared tmp directory without using ioutil.TempFile
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-377: Insecure Temporary File
OWASP:
- A01:2021 - Broken Access Control
Detected a possible denial-of-service via a zip bomb attack. Limiting the maximum number of bytes read from each archive entry mitigates this attack; io.CopyN() accepts such a byte limit.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-400: Uncontrolled Resource Consumption