Sanitize Absolute Paths

When you extract a subfile from a container and write it to disk, you specify an extract directory and a path to extract the file to.

To set the path, you might use the path in the container file that you are extracting from, as returned from the Filter.extGetSubFileInfo() method. However, if the path is an absolute path, the file could be created outside the directory you have chosen as the extract directory. Your application might then contain a vulnerability that could be exploited to write files to unexpected locations in the file system. This section discusses some File Content Extraction features that can help you secure your application by sanitizing paths.

File Content Extraction always sanitizes relative paths that you pass in when extracting files, so that the paths remain within the extract directory you specify. For example, File Content Extraction does not allow the use of ".." to move outside the extract directory.

File Content Extraction can update absolute paths so that they remain within the extract directory. You can instruct File Content Extraction to sanitize absolute paths programmatically (through the API), or by setting a parameter in the configuration file.

The following table shows the effect on some example paths.

Requested path Path of extracted file (not sanitized) Path of extracted file (sanitized)
file.txt extractDir/file.txt extractDir/file.txt
dir/file.txt extractDir/dir/file.txt extractDir/dir/file.txt
../file.txt extractDir/file.txt extractDir/file.txt
/dir/file.txt /dir/file.txt extractDir/dir/file.txt

To sanitize absolute paths

  • Call the method setSanitizeAbsolutePaths on the ExtSubFileExtractConfig that you pass in to extExtractSubFile. When File Content Extraction sanitizes a path and the resulting directory does not exist, extraction fails unless you instruct File Content Extraction to create the directory, so you might also want to call the method setCreateDirectory. You can find the path that a file was actually extracted to from the ExtSubFileExtractInfo object that is returned from the extExtractSubFile method.

To sanitize absolute paths (through configuration)

  • In the formats.ini configuration file, set the parameter SanitizeAbsoluteExtractPaths, for example:

    [Options]
    SanitizeAbsoluteExtractPaths=TRUE