Path Traversal File Escape
What it is
User-controlled paths or filenames appear to reach filesystem access without base-directory containment evidence.
This usually appears when file or object workflows are generated before size, type, path, and access boundaries are made explicit.
How to fix it
Normalize, resolve, and verify containment under a fixed base directory; prefer generated server-side filenames.
- 1Normalize and resolve user-supplied paths, then verify containment under a fixed base directory.
- 2Prefer server-generated filenames over user-controlled ones.
- 3Add traversal-payload tests (../ and encoded variants) at every file access path.
How VibeAudit checks for this
VibeAudit checks this with Q0_EXTERNAL_SHALLOW observations, SAST_LOCAL_STRUCTURAL route/config evidence, and non-destructive DAST_Q1_ACTIVE probes when authorized. The free tier may show the surface name only, without private evidence or remediation details. Metadata-only surface maps do not create missing-control findings. Unsupported private repositories, authenticated behavior, destructive workflows, account configuration, and business logic remain unverified unless the scan includes matching local, imported, or authorized runtime evidence.
Related failure modes
Check your public launch surface and keep unsupported scope visible.
Run Quick Scan