返回 Skill 列表
extension
分类: 开发与工程无需 API Key

cwe-22-path-traversal

当需要修复Java代码中的CWE-22(路径遍历:不正确地限制了受限目录的路径名)漏洞时,请使用此技能。该技能会在静态应用程序安全测试发现、安全审查或修复路径遍历问题时触发。

person作者: jakexiaohubgithub

CWE-22 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Description

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Reference: https://cwe.mitre.org/data/definitions/22.html

OWASP Category: A01:2021 – Broken Access Control


Vulnerable Pattern

❌ Example 1

    private ResponseEntity<GenericVulnerabilityResponseBean<String>> readFile(
            Supplier<Boolean> condition, String fileName) {
        if (condition.get()) {
            InputStream infoFileStream =
                    this.getClass().getResourceAsStream("/scripts/PathTraversal/" + fileName);
            if (infoFileStream != null) {
                try (BufferedReader reader =
                        new BufferedReader(new InputStreamReader(infoFileStream))) {
                    String information = reader.readLine();
                    StringBuilder payload = new StringBuilder();
                    while (information != null) {
                        payload.append(information);
                        information = reader.readLine();
                    }
                    return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
                            new GenericVulnerabilityResponseBean<>(payload.toString(), true),
                            HttpStatus.OK);
                } catch (IOException e) {
                    LOGGER.error("Following error occurred: ", e);
                }
            }
        }
        return new ResponseEntity<GenericVulnerabilityResponseBean<String>>(
                new GenericVulnerabilityResponseBean<>(), HttpStatus.OK);
    }

Deterministic Fix


Detection Pattern

Look for these patterns in your codebase:

# Find File constructor with user input
grep -rn "new File(" --include="*.java" | grep -E "\+|getParameter"
# Find path operations
grep -rn "Paths.get\|Files.read\|Files.write" --include="*.java"

Remediation Steps

  1. Normalize file paths using Path.normalize() or Paths.get().normalize()

  2. Validate the canonical path is within allowed directory

  3. Use allowlist for permitted file names or extensions

  4. Reject paths containing .. or absolute paths

  5. Use secure file APIs that prevent traversal


Key Imports


import java.nio.file.Path;

import java.nio.file.Paths;

import java.io.File;


Verification

After remediation:

  • Re-run SAST scan - CWE-22 should be resolved

  • Test with traversal payloads: ../../../etc/passwd

  • Verify access is restricted to intended directory


Trigger Examples

Fix CWE-22 vulnerability
Resolve Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue
Secure this Java code against improper limitation of a pathname to a restricted directory (path traversal)
SAST reports CWE-22

Common Vulnerable Locations

| Layer | Files | Patterns | |-------|-------|----------|

| Controller | *Controller.java | File download/upload |

| Service | *Service.java | File processing |

| Utility | *Util.java | File operations |


References


Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07