UnrestrictedFileUpload: uploaded file is not accessible when root directory "/" is not writable #449

Closed
tkomlodi opened this issue Nov 2, 2023 · 2 comments
@tkomlodi
Contributor

tkomlodi commented Nov 2, 2023

Describe the bug
When running the application using Gradle on a Linux system that does not allow the app to write to the root directory, files will be uploaded into a temp folder which is not accessible subsequently.

To Reproduce

  1. Start the application using "./gradlew bootRun" on a Linux system which does not allow the application to create new directories in the root / folder.
  2. Go to the UnrestrictedFileUpload/LEVEL_1 vulnerability and upload a file.
  3. Try to access the uploaded file using the suggested path: VulnerableApp/upload/<file_name>
  4. This will generate a "not found" error.

Expected behavior
The above path should download the file.

Additional context
As far as I can tell, this issue is related to the fix for #256 and #255:
5f273b4
The original issue was caused by a FileSystemNotFoundException exception that prevented the "root" property from initializing. In my environment, the current code successfully initializes and creates the "root" (static) path and folder, but fails to create the "contentDispositionRoot" folder. This triggers an exception which causes the "root" path to be replaced with a tmp folder.
The file upload succeeds to the ("root") tmp folder, however, this location is not available for download.

Would you like to help fix this issue?
I'm not completely clear how the current code is intended to behave when there is no filesystem (FileSystemNotFoundException), however, I have a tentative fix that works for my environment, and also when running the app as a jar file.

If the issue makes sense and is accepted, please assign it to me and I'll create a pull request with the fix and try to give more context at that point. The proposed fix only changes two lines.
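
The failure mode described in this report, as an added Java sketch that is not VulnerableApp's source and not the fix later merged: one try block covers both upload directories, so a failure on the second one moves the first to a temp folder that is never served. The class name, method names, directory names and the file used to simulate an unwritable location are all assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical sketch; all names here are assumptions, not the project's code.
public class UploadRootInit {

    // Coupled pattern: a failure creating the second directory also replaces
    // the first with a temp folder, even though the first was created fine.
    static Path coupledInit(Path staticRoot, Path dispositionRoot) throws IOException {
        Path root = staticRoot;
        try {
            Files.createDirectories(root);
            Files.createDirectories(dispositionRoot); // fails when parent is not writable
        } catch (IOException | SecurityException e) {
            root = Files.createTempDirectory("upload"); // upload works, download is "not found"
        }
        return root;
    }

    // Independent handling: each directory falls back only on its own failure.
    static Path initOrTemp(Path wanted, String prefix) throws IOException {
        try {
            return Files.createDirectories(wanted);
        } catch (IOException | SecurityException e) {
            return Files.createTempDirectory(prefix);
        }
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("demo");
        Path staticRoot = base.resolve("static/upload");
        // Constructed stand-in for an unwritable location: a regular file blocks mkdir.
        Path blocker = Files.createFile(base.resolve("blocked"));
        Path dispositionRoot = blocker.resolve("contentDispositionUpload");

        Path coupled = coupledInit(staticRoot, dispositionRoot);
        System.out.println("coupled: root still served? " + coupled.equals(staticRoot));

        Path root = initOrTemp(staticRoot, "upload");
        Path disp = initOrTemp(dispositionRoot, "disposition");
        System.out.println("independent: root still served? " + root.equals(staticRoot));
        System.out.println("independent: disposition dir is " + disp);
    }
}
```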

@preetkaran20
Member

Hi @tkomlodi ,

Thanks for the detailed issue. Yes, please raise the fix with the PR. We can look into it.

Thanks,
Karan

@preetkaran20
Member

preetkaran20 commented Dec 3, 2023

Closing this issue as it is being addressed in #453
