Class: Aikido::Zen::Scanners::PathTraversalScanner

Inherits:
  Object

Defined in:
  lib/aikido/zen/scanners/path_traversal_scanner.rb


Constructor Details

#initialize(filepath, input) ⇒ PathTraversalScanner

Returns a new instance of PathTraversalScanner.



# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 36

def initialize(filepath, input)
  @filepath = filepath.downcase
  @input = input.downcase
end

Class Method Details

.call(filepath:, sink:, context:, operation:) ⇒ Aikido::Zen::Attacks::PathTraversalAttack?

Checks whether user-supplied input is attempting to reach a path other than the intended one by means of a path traversal attack. Every payload in the request context is scanned against the file path; the first one that matches produces an attack record.

Parameters:

  • filepath (String)

    the expanded path that is being read

  • context (Aikido::Zen::Context)

    the current request context, whose payloads (user-supplied values) are scanned.

  • sink (Aikido::Zen::Sink)

    the Sink that is running the scan.

  • operation (Symbol, String)

    name of the method being scanned.

Returns:

  • (Aikido::Zen::Attacks::PathTraversalAttack, nil)

    an attack if the user input is detected to be attempting a Path Traversal Attack, or nil if not.



# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 18

def self.call(filepath:, sink:, context:, operation:)
  return unless context

  context.payloads.each do |payload|
    next unless new(filepath, payload.value).attack?

    return Attacks::PathTraversalAttack.new(
      sink: sink,
      input: payload,
      filepath: filepath,
      context: context,
      operation: "#{sink.operation}.#{operation}"
    )
  end

  nil
end

Instance Method Details

#attack? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/aikido/zen/scanners/path_traversal_scanner.rb', line 41

def attack?
  # Single characters are ignored because they don't pose a big threat.
  return false if @input.length <= 1

  # We ignore cases where the user input is longer than the file path,
  # because then the user input can't be part of the file path.
  return false if @input.length > @filepath.length

  # We ignore cases where the user input is not part of the file path.
  return false unless @filepath.include?(@input)

  if PathTraversal::Helpers.contains_unsafe_path_parts(@filepath) && PathTraversal::Helpers.contains_unsafe_path_parts(@input)
    return true
  end

  # Check for absolute path traversal
  PathTraversal::Helpers.starts_with_unsafe_path(@filepath, @input)
end
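The following is an added, self-contained example (not code from the aikido-zen gem) that walks through the three stages of #attack? and the per-payload loop of .call with constructed inputs. PathTraversal::Helpers is not shown on this page, so the two helpers are replaced with deliberately simplified, assumed implementations: contains_unsafe_path_parts only looks for a literal "../" or "..\", and starts_with_unsafe_path uses a short, made-up list of sensitive directory prefixes. The real helpers cover more cases; the point here is the order of the cheap rejections (length, containment) before the traversal checks, and that both the resolved path and the user input must carry the traversal marker for a match.

```ruby
# Added example: mirrors the scanner's decision flow with stand-in helpers.
module PathTraversalDemo
  # Assumed, simplified stand-in for PathTraversal::Helpers.contains_unsafe_path_parts.
  UNSAFE_PARTS = ["../", "..\\"].freeze
  # Assumed, made-up prefix list standing in for PathTraversal::Helpers.starts_with_unsafe_path.
  DANGEROUS_PREFIXES = ["/etc/", "/bin/", "/proc/", "/var/", "c:\\windows\\"].freeze

  def self.contains_unsafe_path_parts(path)
    UNSAFE_PARTS.any? { |part| path.include?(part) }
  end

  # Both the resolved path and the user input must start with the same sensitive
  # prefix: a path under /var/ is not an attack just because the app lives there.
  def self.starts_with_unsafe_path(filepath, input)
    DANGEROUS_PREFIXES.any? do |prefix|
      filepath.start_with?(prefix) && input.start_with?(prefix)
    end
  end

  class Scanner
    def initialize(filepath, input)
      # Case-insensitive comparison, as in the original constructor.
      @filepath = filepath.downcase
      @input = input.downcase
    end

    def attack?
      # Stage 1: cheap rejections. A single character or an input longer than
      # the path cannot be a traversal payload embedded in that path.
      return false if @input.length <= 1
      return false if @input.length > @filepath.length
      # Input that never reached the path cannot have influenced it.
      return false unless @filepath.include?(@input)

      # Stage 2: relative traversal, e.g. "../../etc/passwd" in an uploads dir.
      if PathTraversalDemo.contains_unsafe_path_parts(@filepath) &&
         PathTraversalDemo.contains_unsafe_path_parts(@input)
        return true
      end

      # Stage 3: absolute path traversal into a sensitive location.
      PathTraversalDemo.starts_with_unsafe_path(@filepath, @input)
    end
  end

  # Mirrors .call: scan each user-supplied value; return the first one that
  # matches (the real scanner wraps it in a PathTraversalAttack), else nil.
  def self.scan(filepath, payloads)
    payloads.each do |payload|
      return payload if Scanner.new(filepath, payload).attack?
    end
    nil
  end
end

if __FILE__ == $0
  # Constructed sample inputs.
  puts PathTraversalDemo.scan("/var/www/uploads/../../etc/passwd", ["report", "../../etc/passwd"]).inspect
  puts PathTraversalDemo.scan("/var/www/uploads/report.pdf", ["report.pdf"]).inspect
end
```

Note that the containment check is what keeps false positives down: a payload such as "../secret" that the application never used to build the path is rejected before any traversal heuristics run, and the stage-3 prefix check requires the user input itself, not just the resolved path, to start with the sensitive prefix.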