

title: Secure Coding .NET
categories: [cheatsheets]

tags: [topic]

Secure Coding .NET

Path Traversal

ZIP Slip

ZIP Slip is path traversal during archive extraction: an entry whose name contains `..` segments (or is an absolute path) is written outside the directory the archive is being extracted into, creating or overwriting any file the extracting process can write.

// VULNERABLE: every entry is written to Path.Combine(path, entry.Name) without checking
// where the combined path actually lands. An entry named "..\..\evil.exe" (or an absolute
// name such as "C:\Windows\evil.dll") ends up outside `path`.
// `path` (the intended extraction root) is defined outside this snippet.
using (ZipFile zipFile = new ZipFile(filename))  // filename = C:\SomePath\malicious.IFXRep
{
    zipFile.Password = null;
    foreach (object obj in zipFile)
    {
        ZipEntry zipEntry = (ZipEntry)obj; // zipEntry loops every File in the Archive
        if (zipEntry.IsFile)
        {
            // Entry names are attacker-controlled; nothing below canonicalises or validates them.
            string name = zipEntry.Name; // name = ..\..\..\..\..\..\malicious\path\traversal\malicious.exe
            byte[] buffer = new byte[4096];
            Stream inputStream = zipFile.GetInputStream(zipEntry); // never disposed in this example


            /*
                This is the dangerous part! The Path Traversal and the extraction path are combined.
                -> "C:\EasyApe\extract\<pid>" +  "..\..\..\" = Malicious Path Traversal
                Path.Combine only joins strings: it does not collapse ".." segments, and when the
                second argument is rooted (e.g. "C:\...") it discards the first argument entirely.
                The vulnerability here is in the usage of the library and not in the library itself.
                Fix: resolve the combined path with Path.GetFullPath and reject any result that does
                not start with the extraction root followed by a directory separator.
            */
            string path2 = Path.Combine(path, name);

            // The attacker-controlled directory part is created too, so traversal can create
            // directories outside the root even if the file write below later fails.
            string directoryName = Path.GetDirectoryName(path2);
            if (directoryName != null && directoryName.Length > 0)
            {
                    Directory.CreateDirectory(directoryName);
            }
            // File.Create overwrites an existing file silently; combined with traversal this
            // replaces arbitrary files the process has write access to.
            using (FileStream fileStream = File.Create(path2))
            {
                    StreamUtils.Copy(inputStream, fileStream, buffer);
            }
        }
    }
}

A shorter way of doing this with FastZip. Note that delegating to FastZip only helps if the SharpZipLib version in use rejects traversing entry names; validate the resolved path of every entry against the extraction root yourself rather than relying on the library alone:

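// Resolve the extraction root explicitly: .NET file APIs do not expand "%APPDATA%", and a
// non-verbatim literal such as "%APPDATA%\Local\...\" does not even compile ("\L" is not an
// escape sequence and the trailing "\"" escapes the closing quote). "%APPDATA%\Local" is
// really %LOCALAPPDATA%. `pid` (the per-run sub-folder name) and `filename` are defined
// outside this snippet, as in the vulnerable example above.
string extractRoot = Path.GetFullPath(Path.Combine(
    Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
    "EasyAPEPro", "EasyAPE", "extract", pid));

// Every entry must resolve to a path *under* the root. Path.GetFullPath collapses ".."
// segments and exposes a rooted entry name (Path.Combine drops the root when its second
// argument is rooted). Comparing against the root plus a trailing separator also rejects
// sibling directories such as "...\extract-evil". Ordinal comparison is sufficient because
// the prefix comes from the same extractRoot string that was combined.
string rootPrefix = extractRoot.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                    + Path.DirectorySeparatorChar;
using (ZipFile archive = new ZipFile(filename))
{
    foreach (ZipEntry entry in archive)
    {
        string target = Path.GetFullPath(Path.Combine(extractRoot, entry.Name));
        if (!target.StartsWith(rootPrefix, StringComparison.Ordinal))
        {
            throw new InvalidOperationException(
                $"Zip entry '{entry.Name}' would be extracted outside of '{extractRoot}'.");
        }
    }
}

// FastZip does not implement IDisposable, so there is nothing to wrap in a using block.
// Current SharpZipLib releases also reject traversing entry names inside ExtractZip, but that
// depends on the library version you ship; the check above does not. The archive is re-read
// here, so keep the file out of reach of other writers between the check and the extraction.
FastZip fastZip = new FastZip();
fastZip.ExtractZip(filename, extractRoot, null);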