CWE-73 External Control of File Name or Path
Coverage status: Background only, this CWE is in scope but has no rules in the SiteShadow rule registry. Taint and heuristic analyzers may flag related patterns; see the coverage report and known gaps for the authoritative list.
What this means
SiteShadow flagged a pattern where external input (request params/body/query) influences a file name or path used by the system.
Why it matters
Untrusted path control can expose sensitive data or allow unintended access.
- Path traversal to read/write unintended files (see
CWE-22/23/36). - Symlink/TOCTOU exploits when combined with link following (see
CWE-61/CWE-362). - Data exfiltration via file download/export endpoints.
Safer examples
1) Use allowlists (recommended)
If the user is selecting from known files, allowlist those choices.
2) Normalize and enforce a base directory
Resolve the final path and ensure it stays inside your intended directory.
3) Prefer IDs over paths
Accept a file ID and map to a server-known path rather than accepting arbitrary paths.
How SiteShadow detects it (high level)
- Detects file access APIs combined with request-derived input.
- Flags missing allowlists/base-dir enforcement for file paths.
References
- CWE-73: https://cwe.mitre.org/data/definitions/73.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.