40
41
42class TestFilesystem:
43 dir = '/tmp/ajenti-filesystem-test' 44
45 def path(self, p):
46 return os.path.join(self.dir, p)188 name = file['name']
189 path = file['path']
190 id = file['id']
191 chunk_dir = f'/tmp/upload-{id}'192
193 target = os.path.join(path, name.replace('/', ''))
194 with open(target, 'wb') as f:154
155 id = http_context.query['flowIdentifier']
156 chunk_index = http_context.query['flowChunkNumber']
157 chunk_dir = f'/tmp/upload-{id}'158 try:
159 os.makedirs(chunk_dir)
160 except Exception as e:128
129 id = http_context.query['flowIdentifier']
130 chunk_index = http_context.query['flowChunkNumber']
131 chunk_dir = f'/tmp/upload-{id}'132 try:
133 os.makedirs(chunk_dir)
134 except Exception as e:Using hardcoded temp directory is unsafe. The program can be tricked into performing file actions against the wrong file or using a malicious file instead of the expected temporary file. Prefer using tempfile
Malicious users can predict the file name and write to the directory containing the temporary file. They effectively hijack the temporary file by creating a symlink with the name of the temporary file before the program creates the file itself. This allows a malicious user to supply malicious data or cause actions by the program to affect the attacker chosen files.
tempfile.TemporaryFile function should be used to safely create temporary files. Besides creating temporary files safely, it creates random filenames, which can not be predicted, and cleans up the file automatically.
Bad practice
with open('/tmp/abc', 'w') as f: # Insecure, Hard coded temporary directory used
f.write('stuff')
Recommended
import tempfile
# Secure, temporary file is created using tempfile.TemporaryFile
# File will be deleted on close
with tempfile.TemporaryFile() as tmp:
tmp.write('stuff')
References:
- OWASP Top 10 2021 Category A04 - Insecure Design
- CWE 377 - Insecure Temporary File
- Python tempfile