From 8c7a68f3808a8d52f5cfc297a249ca4ef2480238 Mon Sep 17 00:00:00 2001
From: Björn Gustavsson
Date: Thu, 16 Feb 2017 15:55:34 +0100
Subject: filename: Add safe_relative_path/1

Add safe_relative_path/1 to guard against directory traversal attacks.
It either returns a shorter path without any ".." or "." components, or
'unsafe' if an ".." component would climb up above the root of the
relative path.

Here are a few examples:

    safe_relative_path("a/b/..") => "a"
    safe_relative_path("a/..") => ""
    safe_relative_path("a/../..") => unsafe
    safe_relative_path("/absolute/path") => unsafe

The returned path can be used directly or combined with an absolute path
using filename:join/2.
---
 lib/stdlib/doc/src/filename.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'lib/stdlib/doc')

diff --git a/lib/stdlib/doc/src/filename.xml b/lib/stdlib/doc/src/filename.xml index 2a413835d0..f7f3f7b504 100644 --- a/lib/stdlib/doc/src/filename.xml +++ b/lib/stdlib/doc/src/filename.xml @@ -510,6 +510,33 @@ true + + + Sanitize a relative path to avoid directory traversal attacks. + +

Sanitizes the relative path by eliminating ".." and "." + components to protect against directory traversal attacks. + Either returns the sanitized path name, or the atom + unsafe if the path is unsafe. + The path is considered unsafe in the following circumstances:

+ +

The path is not relative.

+

A ".." component would climb up above the root of + the relative path.

+
+

Examples:

+
+1> filename:safe_relative_path("dir/sub_dir/..").
+"dir"
+2> filename:safe_relative_path("dir/..").
+[]
+3> filename:safe_relative_path("dir/../..").
+unsafe
+4> filename:safe_relative_path("/abs/path").
+unsafe
+
+
+ Split a filename into its path components. -- cgit v1.2.3
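
Review bot: The added description promises protection against directory traversal attacks but only talks about eliminating ".." and "." components, so a reader cannot tell whether symbolic links in the path are taken into account. If the function works on the path string alone, say so in the description and note that a link below the target directory can still lead outside it once the result is joined with a root. The commit message's guidance that the result can be used directly or combined with an absolute path using filename:join/2 is also missing from the documentation text, and example 2 returns [] without saying that this is the empty path the commit message writes as "".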