Add file path manipulations rule

This commit is contained in:
nimK1987
2025-08-11 14:11:30 +03:00
parent 2b29158ad9
commit 5bde17eaae


@@ -77,3 +77,30 @@ For file validation, tilize MIME Type Validation libraries, like `MimeDetective`
};
return JsonSerializer.Deserialize<T>(json, options) // Type-safe
```
## 7. Validate and Normalize File Paths
- **Rule:** To prevent file path manipulations, normalize and validate input file paths to prevent access to sensitive files.
- **Unsafe:**
```cs
string basePath = "/home/files/";
// Dangerous - filename can contain "../../etc/passwd"
string fullPath = Path.Combine(basePath, filename);
string content = System.IO.File.ReadAllText(fullPath);
```
- **Safe:**
```cs
string basePath = "/home/files/";
// Absolute path is resolved and normalized
string fullPath = Path.GetFullPath(Path.Combine(basePath, filename));
// Ensure the resolved path starts with the base path
if (!fullPath.StartsWith(basePath, StringComparison.Ordinal))
{
return BadRequest("Invalid file path.");
}
if (!System.IO.File.Exists(fullPath))
{
return NotFound();
}
string content = System.IO.File.ReadAllText(fullPath);
```
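Review bot: the prefix check in the "Safe" block (`fullPath.StartsWith(basePath, StringComparison.Ordinal)`) only holds because `basePath` happens to be absolute and ends with a trailing separator; the rule should state both requirements explicitly, otherwise a base such as `/home/files` would also accept `/home/files-private/secret.txt`. Suggest normalizing the base the same way as the candidate, e.g. `string basePath = Path.GetFullPath("/home/files/");` followed by a check that it ends with `Path.DirectorySeparatorChar`, so the guarantee does not depend on how the constant was typed. Two caveats worth adding to the rule text: `Path.GetFullPath` normalizes `..` segments but does not resolve symbolic links, so a link placed inside the base directory can still point outside it; and on case-insensitive file systems (Windows) an ordinal comparison can reject legitimate paths that differ only in letter case, where `StringComparison.OrdinalIgnoreCase` would be the matching comparison. Rejecting with `BadRequest` before the `File.Exists` check is the right order, since it avoids turning the endpoint into an existence oracle for paths outside the base.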