Path Equivalence: 'filename ' (Trailing Space)
This vulnerability occurs when an application processes file paths that end with a space character (like 'document.txt ') without properly normalizing or rejecting them. Because many operating systems ignore trailing spaces in paths, this can cause the application to resolve the path differently than intended, potentially allowing attackers to access unauthorized files or directories.
At its core, this issue exploits a mismatch between how an application validates a file path and how the underlying operating system interprets it. While your code might treat 'report.pdf' and 'report.pdf ' as two distinct strings, the file system often strips the trailing space, treating them as the same location. Attackers can leverage this by crafting inputs that bypass validation checks (which look for a specific filename) but still resolve to a sensitive target file. To prevent this, developers should implement strict path normalization that removes or rejects trailing whitespace before any security decisions are made. Always resolve user-supplied paths to their canonical, absolute form before checking permissions or performing file operations. This ensures the application's logic aligns with the operating system's actual behavior, closing this ambiguous path loophole.
Impact: Read Files or DirectoriesModify Files or Directories
- File Processing
- File or Directory
- PLOVER
- Software Fault Patterns