From e69c9a73991e13f50dd9c2487236d9c0c106589e Mon Sep 17 00:00:00 2001
From: tidaaartorhem <46531833+tidaaartorhem@users.noreply.github.com>
Date: Mon, 29 Apr 2024 22:06:57 -0400
Subject: [PATCH] Update PathTraversalVulnerability.java
Key Changes Explained: Enhanced security checks: Added checks to prevent Path Traversal attacks by verifying that the file name does not contain ".." and is within the list of allowed file names. Improved error handling: Changed the HTTP response codes to more accurately reflect the nature of the error (e.g., returning 404 Not Found for missing files and 403 Forbidden for unauthorized access attempts). Condition validation: Immediately returns a 400 Bad Request if the precondition is not met, which helps in quickly identifying issues with request parameters. Error Logging: Now logs different types of errors distinctly for better diagnostics.Key Changes Explained: Enhanced security checks: Added checks to prevent Path Traversal attacks by verifying that the file name does not contain ".." and is within the list of allowed file names. Improved error handling: Changed the HTTP response codes to more accurately reflect the nature of the error (e.g., returning 404 Not Found for missing files and 403 Forbidden for unauthorized access attempts). Condition validation: Immediately returns a 400 Bad Request if the precondition is not met, which helps in quickly identifying issues with request parameters. Error Logging: Now logs different types of errors distinctly for better diagnostics.
---
 .../PathTraversalVulnerability.java | 46 ++++++++++---------
 1 file changed, 25 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
index d0ca3e22..b6fb2627 100644
--- a/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
+++ b/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java 
@@ -41,31 +41,35 @@ public class PathTraversalVulnerability {
             LogManager.getLogger(PathTraversalVulnerability.class);
     private static final String URL_PARAM_KEY = "fileName";
-    private ResponseEntity> readFile( Supplier condition, String fileName) {
-        if (condition.get()) {
-            InputStream infoFileStream =
-                    this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
-            if (infoFileStream != null) {
-                try (BufferedReader reader =
-                        new BufferedReader(new InputStreamReader(infoFileStream))) {
-                    String information = reader.readLine();
-                    StringBuilder payload = new StringBuilder();
-                    while (information != null) {
-                        payload.append(information);
-                        information = reader.readLine();
-                    }
-                    return new ResponseEntity>(
-                            new GenericVulnerabilityResponseBean<>(payload.toString(), true),
-                            HttpStatus.OK);
-                } catch (IOException e) {
-                    LOGGER.error("Following error occurred: ", e);
-                }
+        if (!condition.get()) {
+            return ResponseEntity.badRequest().body(new GenericVulnerabilityResponseBean<>("Invalid request condition", false));
+        }
+
+        // Preventing Path Traversal and ensuring only allowed filenames are processed.
+        if (fileName.contains("..") || !ALLOWED_FILE_NAMES.contains(fileName)) {
+            LOGGER.error("Attempted access to restricted file: {}", fileName);
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new GenericVulnerabilityResponseBean<>("Access denied", false));
+        }
+
+        InputStream infoFileStream = this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
+        if (infoFileStream == null) {
+            LOGGER.error("File not found: {}", fileName);
+            return ResponseEntity.notFound().build();
+        }
+
+        try (BufferedReader reader = new BufferedReader(new InputStreamReader(infoFileStream))) {
+            StringBuilder payload = new StringBuilder();
+            String information;
+            while ((information = reader.readLine()) != null) {
+                payload.append(information);
             }
+            return ResponseEntity.ok(new GenericVulnerabilityResponseBean<>(payload.toString(), true));
+        } catch (IOException e) {
+            LOGGER.error("Error reading file: {}", fileName, e);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new GenericVulnerabilityResponseBean<>("Error reading file", false));
         }
-        return new ResponseEntity>(
-                new GenericVulnerabilityResponseBean<>(), HttpStatus.OK);
     }
     @AttackVector(
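Review bot: The first removed line of the hunk deletes the line that declares `readFile(` and no added line re-declares it, so unless the rendering dropped a line the new side starts at the orphaned `condition, String fileName) {` parameter list with no method header; likewise `ALLOWED_FILE_NAMES`, used in the new guard, is not declared in this commit's only hunk and must already exist in the class for the file to compile. `fileName` is dereferenced by `fileName.contains("..")` before any null check, whereas the old code tolerated a null name through string concatenation, so the guard should read `if (fileName == null || fileName.contains("..") || !ALLOWED_FILE_NAMES.contains(fileName)) {`. Given the `condition` supplier parameter and the `@AttackVector` annotation that follows the method, readFile appears to be a helper shared by every level of this intentionally vulnerable endpoint, each level passing its own check through `condition`; an unconditional allow-list inside the helper would presumably make every level behave like the hardened one, so the allow-list belongs in the condition of the level meant to be secure, or the helper should take the permitted names as a parameter. The FORBIDDEN branch also writes the raw request-controlled `fileName` into the log; strip control characters or log only its length if the log is consumed by other tooling. readFile's header and the class's field declarations lie outside the hunk.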