SasanLabs · tidaaartorhem · Apr 30, 2024 · preetkaran20 · May 1, 2024
diff --git a/...in/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java b/...in/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java
@@ -41,31 +41,35 @@ public class PathTraversalVulnerability {
             LogManager.getLogger(PathTraversalVulnerability.class);
 
     private static final String URL_PARAM_KEY = "fileName";
-
     private ResponseEntity<GenericVulnerabilityResponseBean<String>> readFile(
             Supplier<Boolean> condition, String fileName) {
-        if (condition.get()) {
-            InputStream infoFileStream =
-                    this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
-            if (infoFileStream != null) {
-                try (BufferedReader reader =
-                        new BufferedReader(new InputStreamReader(infoFileStream))) {
-                    String information = reader.readLine();
-                    StringBuilder payload = new StringBuilder();
-                    while (information != null) {
-                        payload.append(information);
-                        information = reader.readLine();
-                    }
-                    return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
-                            new GenericVulnerabilityResponseBean<>(payload.toString(), true),
-                            HttpStatus.OK);
-                } catch (IOException e) {
-                    LOGGER.error("Following error occurred: ", e);
-                }
+        if (!condition.get()) {
+            return ResponseEntity.badRequest().body(new GenericVulnerabilityResponseBean<>("Invalid request condition", false));
+        }
+
+        // Preventing Path Traversal and ensuring only allowed filenames are processed.
+        if (fileName.contains("..") || !ALLOWED_FILE_NAMES.contains(fileName)) {
+            LOGGER.error("Attempted access to restricted file: {}", fileName);
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new GenericVulnerabilityResponseBean<>("Access denied", false));
+        }
+
+        InputStream infoFileStream = this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
+        if (infoFileStream == null) {
+            LOGGER.error("File not found: {}", fileName);
+            return ResponseEntity.notFound().build();
+        }
+
+        try (BufferedReader reader = new BufferedReader(new InputStreamReader(infoFileStream))) {
+            StringBuilder payload = new StringBuilder();
+            String information;
+            while ((information = reader.readLine()) != null) {
+                payload.append(information);
             }
+            return ResponseEntity.ok(new GenericVulnerabilityResponseBean<>(payload.toString(), true));
+        } catch (IOException e) {
+            LOGGER.error("Error reading file: {}", fileName, e);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new GenericVulnerabilityResponseBean<>("Error reading file", false));
         }
-        return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
-                new GenericVulnerabilityResponseBean<>(), HttpStatus.OK);
     }
 
     @AttackVector(