HIGH zip slipfeathersjscockroachdb

Zip Slip in Feathersjs with Cockroachdb

Scan for zip slip in feathersjs

Zip Slip in Feathersjs with Cockroachdb — how this specific combination creates or exposes the vulnerability

Zip Slip is a path traversal vulnerability that occurs when an application constructs file paths using user-supplied input without proper sanitization. In a Feathersjs application using Cockroachdb, this typically manifests in services that handle file uploads, backups, or export operations where a filename or path parameter is stored in Cockroachdb and later used to read or write files.

Feathersjs services often rely on hooks to process data before it is stored in Cockroachdb. If a hook accepts a user-provided path or archive filename and concatenates it directly to a base directory, an attacker can supply a specially crafted filename containing sequences like ../ to traverse directories. Because Cockroachdb is used as the persistence layer, the malicious path may be stored and later used by file system operations, enabling unauthorized access or overwriting of files outside the intended directory.

The interaction between Feathersjs hooks and Cockroachdb can inadvertently preserve malicious path data. For example, a file metadata record containing a relative path might be saved to Cockroachdb via a Feathersjs service, and later a background job uses that path to extract an archive. If the path is not validated or normalized before use, the traversal is possible. Additionally, if the Feathersjs application exposes administrative endpoints that query Cockroachdb for file-related records and serve files based on stored paths, the vulnerability can be exploited without direct user interaction with the file system.

Real-world attack patterns include storing a path like ../../../etc/passwd in a Cockroachdb record via a Feathersjs create call, then later using that path in a file-read operation. This can lead to sensitive data exposure or unauthorized file modification. The use of Cockroachdb does not introduce the vulnerability, but it can act as a persistent store that enables the attack across sessions or between different parts of the application.

To detect this during a scan, middleBrick tests unauthenticated endpoints that accept file or path inputs, checks whether user data is persisted in Cockroachdb, and verifies whether stored paths are later used in file operations. The scanner does not modify data but identifies whether user-controlled paths can reach file system interactions through the Feathersjs service layer and Cockroachdb storage.

Cockroachdb-Specific Remediation in Feathersjs — concrete code fixes

Remediation focuses on validating and sanitizing paths before they are stored in Cockroachdb or used in file operations. Avoid direct concatenation of user input into file paths. Use a secure base directory and resolve paths to ensure they remain within allowed locations.

Example of a vulnerable Feathersjs service that stores a user-supplied path in Cockroachdb and later uses it:

// Vulnerable code example
app.service('exports').hooks({
  before: {
    create: async context => {
      const { filePath } = context.data; // user-controlled
      context.data.storedPath = filePath; // stored in Cockroachdb via Feathersjs
      return context;
    }
  },
  after: {
    create: async context => {
      const { storedPath } = context.result;
      fs.readFileSync(storedPath); // unsafe use
      return context;
    }
  }
});

Secure version using path normalization and a controlled base directory:

const path = require('path');

const BASE_DIR = '/safe/export';

app.service('exports').hooks({
  before: {
    create: async context => {
      const userPath = context.data.filePath;
      const safePath = path.normalize(userPath).replace(/^(\/|\.\.)/, '');
      const resolved = path.resolve(BASE_DIR, safePath);
      if (!resolved.startsWith(BASE_DIR)) {
        throw new Error('Invalid path');
      }
      context.data.storedPath = resolved; // safe path stored in Cockroachdb
      return context;
    }
  },
  after: {
    create: async context => {
      const { storedPath } = context.result;
      fs.readFileSync(storedPath); // safe use
      return context;
    }
  }
});

When using Cockroachdb with an ORM or query builder in Feathersjs, ensure that path fields are validated before persistence. For example, using a validation hook that checks for directory traversal sequences:

app.service('files').hooks({
  before: {
    create: [context => {
      const { archivePath } = context.data;
      if (archivePath.includes('..') || archivePath.includes('~')) {
        throw new Error('Path traversal not allowed');
      }
      context.data.archivePath = path.resolve(archivePath);
      return context;
    }]
  }
});

Additionally, when serving files generated or referenced from Cockroachdb, always construct the path server-side using a known base directory and avoid returning raw user input to the client for path resolution. This prevents stored malicious paths from being used in subsequent requests.

Scan for zip slip in feathersjs Free API security scan

Frequently Asked Questions

Can middleBrick detect Zip Slip vulnerabilities in Feathersjs services that use Cockroachdb?
Yes, middleBrick tests unauthenticated endpoints that accept path or file inputs and identifies whether user-controlled data can influence file operations, including cases where paths are stored in Cockroachdb via Feathersjs services.
Does middleBrick provide specific fixes for Cockroachdb path handling in Feathersjs?
middleBrick provides prioritized findings with remediation guidance, such as validating and normalizing paths before storage in Cockroachdb and avoiding direct use of user-supplied paths in file operations.

Related Pages

Zip Slip in FeathersjsLearn how Zip Slip directory traversal attacks affect Feathersjs applications, how to detect them with middleBrick, and Zip Slip in CockroachdbDetect Zip Slip in CockroachDB APIs. Learn attack patterns, scanning with middleBrick, and remediation using pg_read_filZip Slip in Feathersjs on CloudflareZip Slip in Feathersjs with Cloudflare: path traversal risks and remediation with code examples for safe path resolutionZip Slip in Feathersjs on AzureUnderstand Zip Slip in Feathersjs on Azure and apply concrete fixes with code examples. Use middleBrick CLI and GitHub APci Dss: Zip Slip in FeathersjsExplore Zip Slip in Feathersjs, PCI DSS implications, and concrete secure extraction patterns to prevent path traversal Soc2: Zip Slip in FeathersjsExplore how Zip Slip affects FeathersJS APIs, SOC 2 implications, and concrete remediation examples with code.Iso 27001: Zip Slip in FeathersjsExplore Zip Slip in FeathersJS under ISO 27001, understand the risk, and apply concrete FeathersJS code fixes with path Cis: Zip Slip in FeathersjsExplore Zip Slip risks in FeathersJS, understand CIS mappings, and apply concrete path sanitization fixes with code examZip Slip in Feathersjs with Jwt TokensZip Slip in Feathersjs with Jwt Tokens: path traversal risks and remediation with secure path resolution and input validZip Slip in Feathersjs with Api KeysUnderstand Zip Slip in FeathersJS with API keys and apply secure path handling and API key–based scoping with concrete cZip Slip in Feathersjs with Hmac SignaturesZip Slip in Feathersjs with Hmac Signatures: understanding the risk and implementing secure path validation and Hmac verZip Slip in Feathersjs with Basic AuthExplore Zip Slip in Feathersjs with Basic Auth: understand the risk and apply concrete path validation fixes with code e