ARTICLE
Directory Traversal
File names can be specified as the content of a character-like data
object in the statements and system class of the
ABAP file interface . If some or
all of this content originates outside of the calling program, there is
a risk that files or file paths are accessed by unauthorized sources
(this is known as directory
traversal ). To combat security risks of this type, the
file names must be validated . Here, the
function module FILE_VALIDATE_NAME
is recommended, which uses the existing
logical file names as a
whitelist .
Potential dynamic access to the file interface and hence a potential
security risk when handling input can occur in the following cases:
When the file name is specified dynamically in the statements
OPEN DATASET and
DELETE DATASET .
When the file name is specified dynamically for the method
CREATE_UTF8_FILE_WITH_BOM of the system class
CL_ABAP_FILE_UTILITIES .
Note
Alongside the validation of file names, adequate checks should be made
on the authorizations for file access .
Example
The following program section shows how a physical file name entered by
an external source is validated by checking whether a logical file name
exists for it.
DATA file TYPE string.
cl_demo_input=>request( CHANGING field = file ).
CALL FUNCTION 'FILE_VALIDATE_NAME'
EXPORTING
logical_filename = 'EXAMPLE_FILE'
CHANGING
physical_filename = file
EXCEPTIONS
logical_filename_not_found = 1
validation_failed = 2
OTHERS = 3.
IF sy-subrc = 0.
OPEN DATASET file FOR OUTPUT IN BINARY MODE.
ELSE.
cl_demo_output=>display( |Error return code { sy-subrc }| ).
ENDIF.
Documentation extract taken from SAP system, � Copyright SAP AG. All rights reserved