path_trav 1.0.1

A simple path traversal checker. Useful for APIs that serve dynamic files.
path_trav-1.0.1 has been yanked.

Path trav

A simple path traversal checker made with Rust. Useful for APIs that serve dynamic files.

Note: this is a security tool. If you see something wrong, open an issue in GitHub.

How does it work?

The is_path_trav function receives two paths: the base path and the path to check. To verify that the second is inside the first, path_trav turns both paths into absolute paths and checks whether the second path contains the first.

Example 1.

Base  : /home/user/data   -->  /home/user/data

Rel     : ./data/folder          -->  /home/user/data/folder

The relative path is inside the base path.

Example 2.

Base  : /home/user/data              -->  /home/user/data

Rel     : ./data/../../../etc/passwd   -->  /etc/passwd

The relative path isn't inside the base path; it tries to access sensitive data.
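The check described above, written out as an added example (this is not path_trav's own code). It assumes a purely lexical resolution against a caller-supplied working directory and a component-wise prefix comparison; the names absolutize and escapes_base are hypothetical, and the paths are constructed samples.

```rust
use std::path::{Component, Path, PathBuf};

/// Resolve `path` against `cwd` lexically: "." is dropped and ".." pops one
/// component. No filesystem access, so symlinks are NOT followed.
fn absolutize(cwd: &Path, path: &Path) -> PathBuf {
    let mut out = if path.is_absolute() { PathBuf::new() } else { cwd.to_path_buf() };
    for comp in path.components() {
        match comp {
            Component::CurDir => {}
            // pop() at the root is a no-op, so ".." can never climb above "/".
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Ok(true) means `rel` resolves outside `base`, i.e. a traversal
/// (the same return convention the README gives for is_path_trav).
fn escapes_base(cwd: &Path, base: &Path, rel: &Path) -> Result<bool, &'static str> {
    if !cwd.is_absolute() {
        return Err("cwd must be absolute");
    }
    let (base_abs, rel_abs) = (absolutize(cwd, base), absolutize(cwd, rel));
    // Path::starts_with compares whole components, so a sibling such as
    // "/home/user/data_old" is not mistaken for something inside ".../data".
    Ok(!rel_abs.starts_with(&base_abs))
}

fn main() {
    let cwd = Path::new("/home/user"); // constructed working directory
    let base = Path::new("/home/user/data");
    for rel in ["./data/folder", "./data/../../../etc/passwd", "./data_old/report.txt"] {
        let abs = absolutize(cwd, Path::new(rel));
        let verdict = escapes_base(cwd, base, Path::new(rel));
        println!("{} -> {} traversal: {:?}", rel, abs.display(), verdict);
    }
}
```

Because the resolution here is lexical, a symlink inside the base directory that points elsewhere is not detected; resolving both paths with std::fs::canonicalize before comparing covers that case for paths that exist.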

Example

Add path_trav to your Cargo.toml

[dependencies]
path_trav = "1.0.0"

Then, in your main.rs file:

use std::path::Path;
use path_trav::is_path_trav;

fn main() {
    let important_file = Path::new("./data/../../../etc/passwd");

    // with absolute path
    let check_abs = is_path_trav(&Path::new("/home/user/data"), &important_file).unwrap();

    // with relative path
    let check_rel = is_path_trav(&Path::new("./data"), &important_file).unwrap();
}

is_path_trav returns Result<bool, &'static str>. Unwrap it or use match to get the result. If it returns true, there is a path traversal.

License

path_trav is licensed under the GPL-3 license.

Contribute

🥳 Any PR is welcome! It's a small project, so the guideline is to follow the code style and not make insane proposals.

Links

Gátomo - GPL-3 License