os

Protection from Local File Inclusion (LFI) Attacks

All known functions that open files are susceptible to Local File Inclusion (LFI) attacks. This aspect protects against LFI attacks by wrapping the os.OpenFile function with a security operation that will block the operation if it is deemed unsafe.

Instrumenting only the os.OpenFile function is sufficient to protect against LFI attacks, as all other functions in the os package that open files ultimately call os.OpenFile (as of Go 1.23).

OpenFile

Join Point
All of
  • Import path os
  • Function body
    • Function declaration
      • Function name OpenFile
Advice
Prepend statements produced by the following template:
// Using the following synthetic imports:
import (
	dyngo "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo"
	events "gopkg.in/DataDog/dd-trace-go.v1/appsec/events"
	ossec "gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/emitter/ossec"
)
__dd_parent_op, _ := dyngo.FromContext(nil)
if __dd_parent_op != nil {
		__dd_op := &ossec.OpenOperation{
				Operation: dyngo.NewOperation(__dd_parent_op),
		}

		var __dd_block bool
		dyngo.OnData(__dd_op, func(_ *events.BlockingSecurityEvent) {
				__dd_block = true
		})

		dyngo.StartOperation(__dd_op, ossec.OpenOperationArgs{
				Path: {{ .Function.Argument 0 }},
				Flags: {{ .Function.Argument 1 }},
				Perms: {{ .Function.Argument 2 }},
		})

		defer dyngo.FinishOperation(__dd_op, ossec.OpenOperationRes[*File]{
				File: &{{ .Function.Result 0 }},
				Err: &{{ .Function.Result 1 }},
		})

		if __dd_block {
				return
		}
}