Improper Filtering of Special Elements

Incomplete Class

Structure: Simple

Description

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Common Consequences 1

Scope: Integrity

Impact: Unexpected State

Demonstrative Examples 1

ID : DX-2

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Code Example:Bad
Perl
perl

Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:

Code Example:Attack
bash

will have the first "../" stripped, resulting in:

Code Example:Result
bash

This value is then concatenated with the /home/user/ directory:

Code Example:Result
bash

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (Relative Path Traversal).

Modes of Introduction

Implementation

Related Weaknesses

ChildOf:

Improper Neutralization of Special Elements (CWE-138)