Last active
March 25, 2021 05:07
-
-
Save ukcoderj/9804214d3c2debe4f000e115c258e505 to your computer and use it in GitHub Desktop.
C# Helper To See If There Is A Directory Traversal Attempt on a File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /// <summary> | |
| /// This is to guage whether someone is trying a directory traversal attack. | |
| /// I.e. they should be requesting 'somefilename.pdf' | |
| /// but they request '../anotherlocation/someotherfilename.pdf | |
| /// </summary> | |
| /// <param name="fileName">The file name to check</param> | |
| /// <returns></returns> | |
| public bool IsDirectoryTraversing(string fileName) | |
| { | |
| bool isTraversing = false; | |
| if(String.IsNullOrWhiteSpace(fileName)) | |
| { | |
| return isTraversing; | |
| } | |
| // Url decode to reveal sneaky encoded attempts e.g. '%2f' (/) or '%2e%2e%2f' (../) | |
| var decodedFileName = HttpUtility.UrlDecode(fileName); | |
| if(decodedFileName.Contains("/") || | |
| decodedFileName.Contains(@"\") || | |
| decodedFileName.Contains("$") || | |
| decodedFileName.Contains("..") || | |
| decodedFileName.Contains("?")) | |
| { | |
| isTraversing = true; | |
| } | |
| return isTraversing; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment