# Path Traversal / Directory Traversal

- ID: python-path-traversal
- Severity: HIGH
- CWE: Path Traversal (CWE-22)
- Languages: Python
- Frameworks: django, flask, fastapi, pyramid, tornado, bottle

## Description

Detects untrusted user input being used in file system operations without proper validation.

## Remediation

Use `os.path.basename()` to extract the filename only.

```python
import os
safe_filename = os.path.basename(user_filename)
```

Learn more: https://shoulder.dev/learn/python/cwe-22/path-traversal

## Related Rules

- **Path Traversal via File Operations** [HIGH]:
- **Zip Slip / Path Traversal in Archive** [HIGH]:
- **Path Traversal in File Operations** [CRITICAL]:
- **Zip Slip Path Traversal** [HIGH]:
- **Zip Slip / Archive Path Traversal** [HIGH]:
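
The remediation above relies on `os.path.basename()`, which still returns `..` for the input `..` and an empty string for `uploads/`. The following is an added example, not part of this rule's own documentation, that pairs the basename step with a containment check; the names `resolve_upload_path`, `UnsafePathError` and `demo` are hypothetical and the sample inputs are constructed.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when a user-supplied filename cannot be mapped safely into the base directory."""


def resolve_upload_path(base_dir: str, user_filename: str) -> str:
    """Return an absolute path inside base_dir for user_filename, or raise UnsafePathError."""
    # Treat both separators alike: on POSIX, basename() leaves "..\\x" untouched.
    name = os.path.basename(user_filename.replace("\\", "/"))
    # basename("..") is ".." and basename("uploads/") is "": neither is a usable filename.
    if name in ("", ".", "..") or "\x00" in name:
        raise UnsafePathError(f"rejected filename: {user_filename!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # realpath() follows symlinks, so a link inside base_dir that points elsewhere fails here.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"path escapes base directory: {user_filename!r}")
    return candidate


def demo() -> dict:
    """Run constructed sample inputs through the helper; map each input to its outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        samples = ["report.pdf", "../../etc/passwd", "..", "uploads/", "..\\..\\win.ini"]
        for s in samples:
            try:
                resolved = resolve_upload_path(base, s)
                results[s] = os.path.relpath(resolved, os.path.realpath(base))
            except UnsafePathError:
                results[s] = "REJECTED"
    return results


if __name__ == "__main__":
    for given, outcome in demo().items():
        print(f"{given!r:22} -> {outcome}")
```

Traversal inputs such as `../../etc/passwd` are reduced to a bare filename inside the base directory rather than rejected, so callers that want to flag the attempt should compare the returned name with the original input and log the mismatch.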