# Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

**Stack:** Go

- Prevalence: High, frequently exploited
- Impact: Critical, 1 critical-severity rule
- Prevention: Documented, 6 fix examples

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

Many file operations are intended to take place within a restricted directory. By using special elements such as '..' and '/' separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.

## Prevention

Prevention strategies for Path Traversal, based on 2 Shoulder detection rules.

### Go

- Resolve the full path and verify it stays within the intended base directory
- Validate that extracted archive paths resolve within the target directory

## Consequences

- Read files or directories
- Modify files or directories
- Execute unauthorized code

## Mitigations

- Use a vetted library or framework that does not allow this weakness to occur
- Use an allowlist of acceptable inputs that strictly conform to the specification
- For filenames, use a strict allowlist that limits the character set

## Detection

- Total rules: 6
- Critical: 1
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (2 rules)

- **Path Traversal via File Operations** [HIGH]: User input flows to file operations like os.Open without path validation.
  - Remediation: Validate that the resolved path stays within the base directory.
```go
// Clean the user-supplied name, anchor it under baseDir, then compare absolute forms.
cleanPath := filepath.Clean(filename)
fullPath := filepath.Join(baseDir, cleanPath)
absPath, err := filepath.Abs(fullPath)
if err != nil {
    return err
}
absBase, err := filepath.Abs(baseDir)
if err != nil {
    return err
}
if !strings.HasPrefix(absPath, absBase+string(os.PathSeparator)) {
    return errors.New("invalid path")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-22/path-traversal

- **Zip Slip / Path Traversal in Archive** [HIGH]: Archive extraction uses the entry filename without validating that it stays within the target directory.
  - Remediation: Validate that extracted paths are within the target directory.

```go
// Join cleans the combined path; the trailing separator keeps a sibling
// directory such as destDir+"-evil" from passing the prefix test.
destPath := filepath.Join(destDir, filepath.Clean(f.Name))
if !strings.HasPrefix(destPath, filepath.Clean(destDir)+string(os.PathSeparator)) {
    return errors.New("illegal file path")
}
outFile, err := os.Create(destPath)
if err != nil {
    return err
}
```

Learn more: https://shoulder.dev/learn/go/cwe-22/zip-slip
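As an added example (not code from the Shoulder rules or this page), one helper that applies the check behind both Go rules, using filepath.Rel instead of a prefix comparison to expose escapes as a leading "..". SecureJoin and CheckArchiveEntries are hypothetical names, and the entry names in main are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned for any path that would resolve outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SecureJoin (hypothetical helper) resolves userPath beneath baseDir and rejects it unless
// the result stays strictly inside baseDir; it serves both os.Open-style access and Zip Slip.
func SecureJoin(baseDir, userPath string) (string, error) {
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so ".." segments are collapsed before the check runs.
	candidate := filepath.Join(absBase, filepath.Clean(userPath))
	// Rel rather than a bare prefix test: "/srv/data-evil" starts with "/srv/data" but is a sibling.
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil // lexical check only; symlinks under baseDir need filepath.EvalSymlinks
}

// CheckArchiveEntries validates every entry name before anything is written, so one bad entry aborts.
func CheckArchiveEntries(destDir string, names []string) ([]string, error) {
	out := make([]string, 0, len(names))
	for _, n := range names {
		p, err := SecureJoin(destDir, n)
		if err != nil {
			return nil, fmt.Errorf("entry %q: %w", n, err)
		}
		out = append(out, p)
	}
	return out, nil
}

func main() {
	// Constructed entry names: two legitimate, one that climbs out of the directory.
	_, err := CheckArchiveEntries("/srv/data", []string{"docs/readme.txt", "a/../b", "../../escape.txt"})
	fmt.Println(err) // reports the escaping entry and rejects the whole archive
}
```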