Fix partial path traversal Java example Again

JLLeitschuh · JLLeitschuh · commit e641505361f2 · 2023-03-31T23:36:07.000-04:00
The original wouldn't compile, and the fix made by github#11899 is sub-optimal. This keeps the entire comparision using the Java `Path` object, which is optimal. Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java
@@ -1,7 +1,7 @@
 public class PartialPathTraversalBad {
     public void example(File dir, File parent) throws IOException {
         if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {
-            throw new IOException("Invalid directory: " + dir.getCanonicalPath());
+            throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());
         }
     }
 }
diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
@@ -1,7 +1,9 @@
+import java.io.File;
+
 public class PartialPathTraversalGood {
     public void example(File dir, File parent) throws IOException {
-        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {
-            throw new IOException("Invalid directory: " + dir.getCanonicalPath());
+        if (!dir.toPath().normalize().startsWith(parent.toPath())) {
+            throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());
         }
     }
 }
diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
@@ -26,10 +26,9 @@ and not just children of <code>parent</code>, which is a security issue.
 
 <p>
 
-In this example, the <code>if</code> statement checks if <code>parent.getCanonicalPath() + File.separator </code> 
-is a prefix of <code>dir.getCanonicalPath()</code>. Because <code>parent.getCanonicalPath() + File.separator</code> is
-indeed slash-terminated, the user supplying <code>dir</code> can only access children of 
-<code>parent</code>, as desired.
+In this example, the <code>if</code> statement checks if <code>parent.toPath()</code> 
+is a prefix of <code>dir.normalize()</code>. Because <code>Path#startsWith</code> will do the correct check that 
+<code>dir</code> is ia child children of <code>parent</code>, as desired.
 
 </p>
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`public class PartialPathTraversalBad {`
`2`	`2`	`public void example(File dir, File parent) throws IOException {`
`3`	`3`	`if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {`
`4`		`- throw new IOException("Invalid directory: " + dir.getCanonicalPath());`
	`4`	`+ throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());`
`5`	`5`	`}`
`6`	`6`	`}`
`7`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,9 @@`
	`1`	`+import java.io.File;`
	`2`	`+`
`1`	`3`	`public class PartialPathTraversalGood {`
`2`	`4`	`public void example(File dir, File parent) throws IOException {`
`3`		`- if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {`
`4`		`- throw new IOException("Invalid directory: " + dir.getCanonicalPath());`
	`5`	`+ if (!dir.toPath().normalize().startsWith(parent.toPath())) {`
	`6`	`+ throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());`
`5`	`7`	`}`
`6`	`8`	`}`
`7`	`9`	`}`