Severity: high
Type: CWE-59: Improper Link Resolution Before File Access
Exploitable: YES
Confidence: 95%
The validateSafeDirectory method at line 63 uses dir.getAbsoluteFile() to resolve the path, but this does NOT resolve symbolic links. An attacker or careless user can create a symlink (e.g., 'ln -s / /tmp/safe-looking-dir') and pass '/tmp/safe-looking-dir' to the tool. The safety check compares the absolute path '/tmp/safe-looking-dir' against the DANGEROUS_PATHS blocklist, finds no match, and passes. However, the actual target is '/' (or any other protected path). The tool then proceeds to fill the root filesystem with zero-filled files, potentially destroying the system. All three analysis perspectives confirmed this as a real, exploitable vulnerability. The fix is to use File.getCanonicalFile() or Path.toRealPath() to resolve symlinks before checking against the blocklist.
Location: /home/sfloess/Development/github/FlossWare/diskwipe-java/src/main/java/org/flossware/diskwipe/CleanDisk.java:63
Remediation:
Replace 'final File absDir = dir.getAbsoluteFile()' at line 63 with 'final File absDir = dir.getCanonicalFile()' (wrapping the IOException), or use 'dir.toPath().toRealPath()'. This resolves all symbolic links before comparing against the dangerous paths blocklist. Additionally, consider adding a check with Files.isSymbolicLink() to warn users when operating on symlinked directories.
Impact Score: 100