
Zip Slip in Axum with Cockroachdb

Zip Slip in Axum with Cockroachdb — how this specific combination creates or exposes the vulnerability

Zip Slip is a path traversal vulnerability that occurs when an application constructs file paths using user-supplied input without proper validation. In the context of an Axum web service that interfaces with Cockroachdb, the risk typically arises not from Cockroachdb itself, which is a distributed SQL database, but from how file paths are handled before data is written to or read from storage used in coordination with the database.

Consider an endpoint that accepts a user-provided filename or directory path to store or retrieve a file, and then records the path in Cockroachdb for later reference. If the application does not sanitize the input, an attacker can supply a path such as ../../../etc/passwd. When the server joins this input to a base directory using naive string concatenation or Path::join without canonicalization, the resulting path can escape the intended directory: Path::join keeps ".." components as-is, and if the supplied path is absolute it replaces the base directory entirely. This allows unauthorized file access or overwrite of critical files on the filesystem, and the escaped path is then persisted in Cockroachdb as if it were a legitimate upload.

In Axum, handlers often receive JSON payloads containing a path field intended to be persisted alongside metadata in Cockroachdb. A vulnerable handler might look like:

use axum::{routing::post, Json, Router};
use serde::Deserialize;
use std::path::PathBuf;

#[derive(Deserialize)]
struct PathPayload { path: String }

async fn upload_handler(Json(PathPayload { path }): Json<PathPayload>) -> String {
    // Unsafe: user input goes straight into a filesystem path; "../" segments
    // escape /app/uploads and an absolute path replaces the base entirely.
    let full_path = PathBuf::from("/app/uploads").join(&path);
    // ... write the file to full_path, then store `path` in Cockroachdb
    format!("stored {}", full_path.display())
}

fn app() -> Router { Router::new().route("/upload", post(upload_handler)) }
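The hardened counterpart to the join above, as an added example that is not part of the original page and not middleBrick's own code. It contrasts the naive Path::join with a lexical safe_join that walks the user-supplied components and rejects anything that could leave the base directory; it uses only the standard library so it can be dropped into the handler before the file is written (std::fs::canonicalize cannot be used at that point because the target does not exist yet). The base directory /app/uploads and the sample inputs are constructed for the demonstration.

```rust
use std::path::{Component, Path, PathBuf};

/// Join a user-supplied relative path onto `base` without letting it escape.
/// Works lexically, so it can run before the file exists (std's
/// `canonicalize` would fail on a not-yet-written upload target).
/// Returns None when the input is absolute, has a Windows prefix,
/// or contains a `..` component anywhere.
pub fn safe_join(base: &Path, user_path: &str) -> Option<PathBuf> {
    let mut out = base.to_path_buf();
    for comp in Path::new(user_path).components() {
        match comp {
            Component::Normal(seg) => out.push(seg),
            Component::CurDir => {}
            // Parent dirs, roots and prefixes all allow escaping the base.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    // Defence in depth: the result must still sit under the base.
    if out.starts_with(base) { Some(out) } else { None }
}

/// The naive join from the vulnerable handler, kept only to contrast results.
pub fn naive_join(base: &Path, user_path: &str) -> PathBuf {
    base.join(user_path)
}

fn main() {
    // Constructed sample inputs: two legitimate names, one traversal, one absolute.
    let base = Path::new("/app/uploads");
    for input in ["report.pdf", "2024/q1.csv", "../../../etc/passwd", "/etc/shadow"] {
        println!(
            "{input:?}: naive={:?} safe={:?}",
            naive_join(base, input),
            safe_join(base, input)
        );
    }
}
```

In the handler, call safe_join and return a 400 when it yields None, and store only the accepted relative path (not the user's raw string) in Cockroachdb so the database never holds a path the filesystem layer would refuse. The check is purely lexical: it does not resolve symlinks already present under /app/uploads, so the upload directory itself must not contain links pointing outside it.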

Frequently Asked Questions

How does middleBrick detect Zip Slip in Axum applications with Cockroachdb?
middleBrick performs black-box scanning by sending crafted path traversal payloads to endpoints that interact with storage and Cockroachdb. It inspects responses and OpenAPI specs to identify missing path canonicalization and unsafe joins that could lead to Zip Slip.
Can the free plan be used to scan Axum APIs that use Cockroachdb?
Yes, the free plan provides 3 scans per month, which is sufficient to perform an initial security assessment of an Axum API integrated with Cockroachdb.