Reputation: 93
I have a REST service which takes inputs as parameters. Inside it there is a Path.Combine method which is used to generate a path, but Veracode flags the Path.Combine method for Directory Traversal Injection. Are there any possible ways to fix the issue?
var path = HttpContext.Current.Server.MapPath("~/MainFolder");
var name = "sampleLog";
var filename = String.Format("{0}.txt", name);
var fullpath = Path.Combine(path, filename); // Veracode shows this method as a possible injection
I have tried to validate the filename using the following method, but it wasn't taken as a fix.
// Requires: using System.IO; using System.Linq;
// Removes every character that is not valid in a file name.
private string CleanFileName(string name)
{
    return Path.GetInvalidFileNameChars().Aggregate(name, (current, c) => current.Replace(c.ToString(), string.Empty));
}
Is there any other possible solution to fix this issue?
Upvotes: 1
Views: 2269
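One way to keep the combined path inside the base folder, shown as an added example that is not part of the original post: reject names that carry path syntax, canonicalize with Path.GetFullPath, then confirm the result still sits under the base directory. The names SafePath and ResolveUnderBase are hypothetical, and a temp-directory path stands in for Server.MapPath("~/MainFolder").

```csharp
using System;
using System.IO;

// Added example; SafePath and ResolveUnderBase are hypothetical names.
public static class SafePath
{
    // Returns the canonical path of <baseDir>/<name>.txt, or throws if the
    // name carries path syntax or the result would leave baseDir.
    public static string ResolveUnderBase(string baseDir, string name)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Empty file name.", nameof(name));

        // Reject instead of stripping: a stripped name can still collide with
        // another file. Separators and ':' are checked explicitly because
        // GetInvalidFileNameChars() differs between platforms.
        if (name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
            name.IndexOfAny(new[] { '/', '\\', ':' }) >= 0)
            throw new ArgumentException("Illegal character in file name.", nameof(name));

        // Canonical base directory with a trailing separator, so that
        // "MainFolder" is never treated as a prefix of "MainFolderOld".
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // Path.Combine returns its second argument unchanged when that argument
        // is rooted, so the combined result is canonicalized and re-checked.
        string full = Path.GetFullPath(Path.Combine(root, name + ".txt"));

        // Assumption: case-insensitive file system (Windows/IIS hosting).
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes the base directory.");
        return full;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: one legitimate name and three traversal attempts.
        string baseDir = Path.Combine(Path.GetTempPath(), "MainFolder");
        foreach (var name in new[] { "sampleLog", "..\\..\\web", "/etc/passwd", "C:\\boot" })
        {
            try { Console.WriteLine("{0} -> {1}", name, SafePath.ResolveUnderBase(baseDir, name)); }
            catch (Exception ex) { Console.WriteLine("{0} -> rejected ({1})", name, ex.GetType().Name); }
        }
    }
}
```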