Skip to content

Instantly share code, notes, and snippets.

@fmeum
Last active Apr 6, 2021
Embed
What would you like to do?
A draft of a path traversal sanitizer for Jazzer
class PathTraversalSanitizer {
@MethodHook(type = HookType.AFTER, targetClassName = "java.io.File",
targetMethod = "<init>", targetMethodDescriptor = "(Ljava/lang/String;)")
public static void
fileConstructorHook(MethodHandle method, Object thisObject, Object[] arguments, int hookId, Object returnValue) {
File file = (File) thisObject;
String pathname = (String) arguments[0];
try {
// Check whether the canonical path of `file` lies inside a known list of allowed paths.
if (!file.getCanonicalPath().startsWith("/expected/path")) {
// If not, throw a distinctive exception that is reported by Jazzer.
throw new PotentialPathTraversalException();
}
} catch(IOException e) {
// ...
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment