SiteShadow
Back to vulnerability library
Detected byCWE-aware static analysisPro

CWE-22 Path Traversal

Coverage: 30 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 30 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.

What this means

SiteShadow detected a path construction pattern where untrusted input may control what file is read or written.

Why it matters

Safer examples

1) Map IDs to known files (instead of accepting paths)

const files = {
  invoice: "/srv/reports/invoice.csv",
  summary: "/srv/reports/summary.json",
};
const path = files[req.query.type] ?? files.summary;

2) Normalize + enforce a base directory

from pathlib import Path

base = Path("/srv/uploads").resolve()
candidate = (base / filename).resolve()
if base not in candidate.parents:
    raise ValueError("Invalid path")

3) Validate file extensions only as an extra check

Extensions help but are not enough on their own. Prefer allowlists and base-dir enforcement.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.