
We have the piece of code below in a Python script, and the Checkmarx code scanning tool threw a warning:

Method process_input at line 89 of abcd.py gets dynamic data from the argv element. This element’s value then flows through the code and is eventually used in a file path for local disk access in process_input at line 93 of abcd.py. This may cause a Path Traversal vulnerability.

abcd.py:

import logging
import os
import sys

logger = logging.getLogger(__name__)

# output_files and output_directory are module-level names defined elsewhere
# in abcd.py (not shown in this excerpt).

class class1:

    def process_input(self, file_name: str = None):
        if not file_name:
            # Take the last command-line argument as the file name.
            last_idx_of_argv = len(sys.argv) - 1
            file_name = sys.argv[last_idx_of_argv]  # Line 89
        if file_name in output_files:
            input_directory = output_files[file_name]
            output_zip_full_path = os.path.join(output_directory, file_name + ".zip")  # Line 93

if __name__ == '__main__':
    t = class1()
    try:
        t.process_input()
    except Exception:
        logger.exception("Fatal error in Class1", exc_info=True)
        raise

Please let me know if there is an alternative to avoid this issue.

Thanks in advance.

baruchiro
adusur
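The following is an added example, not the poster's abcd.py and not an answer posted on this page. It shows the pattern that addresses the warning as described: the argv-derived name is checked against an allowlist, and the resulting path is normalized and verified to stay under the mapped directory before it is used, so the validation is an explicit branch rather than an implicit dictionary lookup. The names OUTPUT_FILES, safe_output_zip_path, classify and main, and the /tmp/out directories, are constructed assumptions standing in for the poster's output_files and output_directory.

```python
import os
import sys

# Constructed sample mapping (assumed shape of the poster's output_files):
# permitted file names -> directory that receives "<name>.zip".
# The directories are illustrative; they need not exist for the checks to run.
OUTPUT_FILES = {
    "report": "/tmp/out/reports",
    "summary": "/tmp/out/summaries",
}


def safe_output_zip_path(file_name, output_files=OUTPUT_FILES):
    """Return the absolute path of <file_name>.zip, or raise ValueError.

    Two independent checks, both written as explicit branches so a taint
    analyzer sees the argv-derived value being validated before it reaches
    a filesystem call:
      1. allowlist: the name must be a key of output_files;
      2. containment: the normalized result must stay under the mapped
         directory, which also catches a bad key such as "../escape".
    """
    if not file_name or file_name not in output_files:
        raise ValueError("unknown output file name: %r" % (file_name,))

    base = os.path.realpath(output_files[file_name])
    candidate = os.path.realpath(os.path.join(base, file_name + ".zip"))

    # commonpath() compares whole path components, so a plain string prefix
    # test is not needed and "/tmp/out/reports_evil" cannot pass as
    # "/tmp/out/reports".
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % (candidate,))
    return candidate


def classify(file_name, output_files=OUTPUT_FILES):
    """Helper for the demo: ("accepted", path) or ("rejected", reason)."""
    try:
        return "accepted", safe_output_zip_path(file_name, output_files)
    except ValueError as exc:
        return "rejected", str(exc)


def main(argv=None):
    # Same source the poster's process_input() reads from: the last argv element.
    argv = sys.argv if argv is None else argv
    file_name = argv[-1] if len(argv) > 1 else None
    status, detail = classify(file_name)
    print(status, detail)
    return 0 if status == "accepted" else 2


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `python example.py report` to see an accepted path and `python example.py ../../etc/passwd` to see the rejection. The containment check is kept even though the allowlist alone rejects unknown names, because it protects against a traversal-shaped key finding its way into the mapping and because it is the kind of sanitizer that scanners recognize on the data flow from argv to os.path.join.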

0 Answers