This vulnerability occurs when an application accepts file or directory paths that end with a slash (e.g., 'documents/') without properly normalizing them. This can confuse the system's path resolution logic, potentially allowing an attacker to bypass security checks and access files or directories they shouldn't.
At its core, this issue is about inconsistent path handling. Many file systems and APIs treat a path like 'public/data' and 'public/data/' as equivalent, pointing to the same directory. However, an application's custom security logic—like an allowlist or a path traversal check—might only validate the first version. When the system later resolves the trailing slash version to its canonical form, it could access a resource that bypassed the initial validation. To prevent this, developers should always normalize paths before performing any security operations. This means stripping trailing slashes (or adding them consistently) and converting the path to a single, standard format. Rely on well-tested library functions for path canonicalization instead of custom string checks, and apply all authorization rules after normalization to ensure the validated path is the same one the operating system ultimately uses.
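The following is an added illustration, not code from the original page: a directory-listing handler whose denylist is matched on the raw request string (so a trailing slash slips past it) next to the same rule applied only after the path has been canonicalized. The temporary base directory, the `public`/`secret` names and the function names are constructed for this demo.

```python
import os
import tempfile
from typing import List, Optional

# Constructed demo tree: BASE/public/ may be listed, BASE/secret/ may not.
BASE = os.path.realpath(tempfile.mkdtemp())
RESTRICTED = {"secret"}

for name in ("public", "secret"):
    os.makedirs(os.path.join(BASE, name), exist_ok=True)
    with open(os.path.join(BASE, name, "file.txt"), "w") as fh:
        fh.write(f"contents of {name}\n")


def list_dir_naive(requested: str) -> Optional[List[str]]:
    """Vulnerable: the rule is checked against the raw string, before normalization."""
    if requested in RESTRICTED:
        return None  # refused
    # os.path.join/listdir treat "secret" and "secret/" as the same directory,
    # so "secret/" is not caught by the comparison above yet is listed anyway.
    target = os.path.join(BASE, requested)
    if not os.path.isdir(target):
        return None
    return sorted(os.listdir(target))


def list_dir_safe(requested: str) -> Optional[List[str]]:
    """Hardened: canonicalize first, then apply every rule to the canonical path."""
    # realpath collapses trailing and duplicate slashes, ".", ".." and symlinks,
    # giving the same path the operating system will ultimately open.
    candidate = os.path.realpath(os.path.join(BASE, requested))
    # Containment: the resolved path must still lie inside BASE.
    if os.path.commonpath([BASE, candidate]) != BASE:
        return None
    # Authorization rule evaluated on the canonical form, not on user input.
    relative = os.path.relpath(candidate, BASE)
    if relative.split(os.sep)[0] in RESTRICTED:
        return None
    if not os.path.isdir(candidate):
        return None
    return sorted(os.listdir(candidate))
```

The naive version refuses `secret` but lists `secret/`; the hardened version refuses `secret`, `secret/`, `secret//` and `public/../secret/` alike, because all of them canonicalize to the same restricted directory.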
Impact: Read Files or Directories; Modify Files or Directories