CRITICAL
Rule Definition
Full Path Disclosure (FPD) vulnerabilities let an attacker see the full path to the webroot or to a file, e.g. /home/omg/htdocs/file/.
Certain vulnerabilities, such as using load_file() within a SQL injection query to view the page source, require the attacker to have the full path to the file they wish to view.
Remediation
Always use the safe argument, as shown below, to avoid untrusted access.
ActionForward forward6 = new ActionForward(returnURL, "path", true);
Violation Code Sample
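public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
    try {
        // returnURL comes straight from the request, so it is untrusted
        String returnURL = request.getParameter("returnURL");
        /****** Struts ActionForward vulnerable code ******/
        ActionForward forward = new ActionForward(returnURL); // VIOLATION: untrusted value used as path
        ActionForward forward2 = new ActionForward(returnURL, true); // VIOLATION: untrusted value used as path
        ActionForward forward3 = new ActionForward("name", returnURL, true); // VIOLATION: second argument is the path
        ActionForward forward5 = new ActionForward();
        forward5.setPath(returnURL); // VIOLATION: untrusted value set as path
    } catch (Exception e) {
        // Error handling is not shown in the original sample; respond generically
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}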
Fixed Code Sample
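public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
    try {
        String returnURL = request.getParameter("returnURL");
        /****** Struts ActionForward NOT vulnerable code ******/
        // returnURL moved from path to name (safe argument)
        ActionForward forward6 = new ActionForward(returnURL, "path", true);
    } catch (Exception e) {
        // Error handling is not shown in the original sample; respond generically
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}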
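An added example, not part of the original rule page or of the Struts project: where returnURL must still influence the destination, one way to validate it before it reaches the ActionForward path argument. It goes beyond the page's fix of moving the value to the name argument; the class name SafeForward, ALLOWED_PREFIXES and DEFAULT_PATH are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import org.apache.struts.action.ActionForward;

// Added example, not CAST's or the Struts project's code.
public final class SafeForward {
    // Assumption: hypothetical application areas that may be forwarded to.
    private static final List<String> ALLOWED_PREFIXES = Arrays.asList("/account/", "/orders/");
    // Assumption: hypothetical fallback page.
    private static final String DEFAULT_PATH = "/home.do";

    private SafeForward() {}

    /** Returns a context-relative path that is safe to use as a forward path (query string dropped). */
    static String safePath(String returnURL) {
        if (returnURL == null || returnURL.isEmpty()) return DEFAULT_PATH;
        // Refuse backslashes and percent-escapes so later decoding cannot reintroduce "../".
        if (returnURL.indexOf('\\') >= 0 || returnURL.indexOf('%') >= 0) return DEFAULT_PATH;
        final URI uri;
        try {
            uri = new URI(returnURL).normalize(); // collapses "." and inner ".." segments
        } catch (URISyntaxException e) {
            return DEFAULT_PATH;
        }
        // Local paths only: no scheme and no "//host" authority.
        if (uri.isAbsolute() || uri.getRawAuthority() != null) return DEFAULT_PATH;
        String path = uri.getPath();
        if (path == null || !path.startsWith("/") || path.contains("..")) return DEFAULT_PATH;
        for (String prefix : ALLOWED_PREFIXES) {
            if (path.startsWith(prefix)) return path;
        }
        return DEFAULT_PATH;
    }

    /** Builds the forward from the validated path instead of the raw parameter. */
    static ActionForward forwardFor(String returnURL) {
        return new ActionForward(safePath(returnURL), false); // (path, redirect)
    }
}
```

Any value that fails a check falls back to DEFAULT_PATH, so the raw parameter never becomes the forward path.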
Reference
https://cwe.mitre.org/data/definitions/552.html
Related Technologies
Technical Criterion
CWE-552 - Files or Directories Accessible to External Parties