TechQA.

Does Azure storage allow path traversal?

933 views Asked by At

Security-wise, if I receive parts of the path from the user, do I need to sanitize them?

Oversimplified example (in Python):

from azure.storage.blob import BlobServiceClient
client = BlobServiceClient.from_connection_string("<mypassword>")
container = client.get_container("mycontainer")
container.upload_blob(f"path/{input()}", b"data")

Can input() contain ../ and thus cause a path traversal attack?

azure azure-blob-storage path-traversal
Original Q&A
1

There are 1 answers

0
Ivan Glasenberg On BEST ANSWER

No, azure storage does not allow path traversal.

When it detects the path has ../, it will throw an authentication error.

In short, if the path looks like this path/path2/../aa.txt, in client side, this path will be used to generate a token; in server side, it will automatically remove the ../ from the path, then use the new path(which does not contain ../) to generate a token. Thus the client side token does not match the server side token when authentication. Then an error occurs.

Related Questions in AZURE

Related Questions in AZURE-BLOB-STORAGE

Related Questions in PATH-TRAVERSAL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Trending Questions