什么是抵御路径遍历攻击的最佳方法？ [英] What's the best way to defend against a path traversal attack?

问题描述

我有一个Java服务器实现（TFTP，如果它对你很重要），我想确保它不容易受到路径遍历攻击，允许访问不应该可用的文件和位置。

I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be available.

我到目前为止最好的防守尝试是拒绝任何符合 File.isAbsolute（）的条目然后依赖在 File.getCanonicalPath（）解析任何 ../ 和 ./ 路径之外的组件。最后，我确保生成的路径仍在我服务器的所需根目录中：

My best attempt at defending so far is to reject any entries that match File.isAbsolute() and then rely on File.getCanonicalPath() to resolve any ../ and ./ components out of the path. Finally I ensure that the resulting path is still within the required root directory of my server:

public String sanitize(final File dir, final String entry) throws IOException {
    if (entry.length() == 0) {
        throw new PathTraversalException(entry);
    }

    if (new File(entry).isAbsolute()) {
        throw new PathTraversalException(entry);
    }

    final String canonicalDirPath = dir.getCanonicalPath() + File.separator;
    final String canonicalEntryPath = new File(dir, entry).getCanonicalPath();

    if (!canonicalEntryPath.startsWith(canonicalDirPath)) {
        throw new PathTraversalException(entry);
    }

    return canonicalEntryPath.substring(canonicalDirPath.length());
}

这是否存在安全问题？是否可以更好/更快地可靠地实现相同的结果？

Are there security issues that this misses? Are there better / faster to achieve the same result reliably?

代码需要在Windows和Linux上一致地工作。

The code needs to work consistently across Windows and Linux.

推荐答案

以下内容可能有所帮助。它比较了规范和绝对路径，如果它们不同，那么它就会失败。仅在mac / linux系统上测试（即没有窗口）。

The following may help. It compares the canonical and absolute paths, and if they differ, then it'll fail. Only tested on a mac/linux system (ie no windows).

这适用于您希望允许用户提供相对路径而非绝对路径的情况，并且您不允许任何父目录引用。

This is for the case where you want to allow the user to supply a relative path, not an absolute path, and you don't allow any parent directory references.

public void failIfDirectoryTraversal(String relativePath)
{
    File file = new File(relativePath);

    if (file.isAbsolute())
    {
        throw new RuntimeException("Directory traversal attempt - absolute path not allowed");
    }

    String pathUsingCanonical;
    String pathUsingAbsolute;
    try
    {
        pathUsingCanonical = file.getCanonicalPath();
        pathUsingAbsolute = file.getAbsolutePath();
    }
    catch (IOException e)
    {
        throw new RuntimeException("Directory traversal attempt?", e);
    }


    // Require the absolute path and canonicalized path match.
    // This is done to avoid directory traversal 
    // attacks, e.g. "1/../2/" 
    if (! pathUsingCanonical.equals(pathUsingAbsolute))
    {
        throw new RuntimeException("Directory traversal attempt?");
    }
}

这篇关于什么是抵御路径遍历攻击的最佳方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！