Fortify 显示严重漏洞 File.Delete() 操作 C#

发布于 2024-11-05 09:07:54 字数 1408 浏览 4 评论 0原文

以下代码始终显示路径操作问题。如何解决呢?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Text.RegularExpressions;

namespace PathManipulation
{
    class Program
    {
       public string dir = null;
       public void someFunction(string fileName)
        {

          //  File.Delete(Regex.Replace(dir + fileName, @"\..\", String.Empty));
            if (!(dir.IndexOf("//") >= 0) || !Regex.IsMatch(dir, "System32"))
            {
                String p = Regex.Replace(dir, @"..\", string.Empty);
                DirectoryInfo di = new DirectoryInfo(p);
                FileInfo[] fi = di.GetFiles();
                if (fi.Length > 0)
                {
                    for (int i = 0; i < fi.Length; i++)
                    {
                        if (fi[i].ToString().Equals(fileName))
                        {

                            Console.WriteLine(fi[i].ToString());
                            fi[i].Delete();
                        }
                    }
                    File.Delete(dir + fileName);
                }
            }
            else
            {
                return;
            }


        }

        static void Main(string[] args)
        {
           Program p = new Program();
           p.dir = args[0];
           p.someFunction(args[1]);
        }
    }
}

The following code always shows path manipulation problem. How to resolve it ?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Text.RegularExpressions;

namespace PathManipulation
{
    class Program
    {
       public string dir = null;
       public void someFunction(string fileName)
        {

          //  File.Delete(Regex.Replace(dir + fileName, @"\..\", String.Empty));
            if (!(dir.IndexOf("//") >= 0) || !Regex.IsMatch(dir, "System32"))
            {
                String p = Regex.Replace(dir, @"..\", string.Empty);
                DirectoryInfo di = new DirectoryInfo(p);
                FileInfo[] fi = di.GetFiles();
                if (fi.Length > 0)
                {
                    for (int i = 0; i < fi.Length; i++)
                    {
                        if (fi[i].ToString().Equals(fileName))
                        {

                            Console.WriteLine(fi[i].ToString());
                            fi[i].Delete();
                        }
                    }
                    File.Delete(dir + fileName);
                }
            }
            else
            {
                return;
            }


        }

        static void Main(string[] args)
        {
           Program p = new Program();
           p.dir = args[0];
           p.someFunction(args[1]);
        }
    }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

月朦胧 2024-11-12 09:07:54

是的,您中断了数据流,以便最终用户无法指定要删除的文件。

例如:

public void someFunction(int fileIndex){
...
   if (fileIndex == 0){
      File.Delete( "puppies.txt" );
   }
   else if (fileIndex == 1){
      File.Delete( "kittens.txt" );
   }
   else {
      throw new IllegalArgumentException( "Invalid delete index" );
   }
}

这是解决问题的一种极端方法,但它不允许最终用户删除开发人员无意的任何内容。

您的数据验证检查:

if (!(dir.IndexOf("//") >= 0) || !Regex.IsMatch(dir, "System32"))

很弱。这称为“黑名单”,攻击者只需找出检查中遗漏的模式即可。例如,@“C:\My Documents”。

相反,您应该考虑“白名单”方法。看看 https://www.owasp.org/index.php/Data_Validation#Accept_known_good 一个非常彻底的例子。它不直接解决路径注入。您只需认真考虑您期望收到哪些文件/目录。如果输入偏离该值,则抛出错误。通过一些测试,您将创建一个良好的白名单。

Yes, you break the flow of data so that the end user is not able to specify the file to be deleted.

For instance:

public void someFunction(int fileIndex){
...
   if (fileIndex == 0){
      File.Delete( "puppies.txt" );
   }
   else if (fileIndex == 1){
      File.Delete( "kittens.txt" );
   }
   else {
      throw new IllegalArgumentException( "Invalid delete index" );
   }
}

That's an extreme way to solve the problem, but it does not allow the end user to delete ANYTHING the developer didn't intend.

Your data validation check:

if (!(dir.IndexOf("//") >= 0) || !Regex.IsMatch(dir, "System32"))

is weak. This is referred to as "blacklisting" and the attacker only has to figure out a pattern that is missed by your checks. So, @"C:\My Documents" for instance.

Instead, you should consider a "whitelisting" approach. Take a look at https://www.owasp.org/index.php/Data_Validation#Accept_known_good for a pretty thorough example. It doesn't address path injection directly. You simply have to think hard about what files/directories you expect to receive. Throw an error if the input deviates from that. With a little testing you will create a good whitelist.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文