Directory Traversal

In the statements and the system class of the ABAP file interface, file names can be specified as the content of a character-like data object. If some or all of this content originates outside of the calling program, there is a risk that unauthorized parties gain access to files or file paths (this is known as directory traversal). To counter security risks of this type, the file names must be validated. The function module FILE_VALIDATE_NAME is recommended for this purpose. It uses the existing logical file names as a whitelist.

Potential dynamic access to the file interface and hence a potential security risk when handling input can occur in the following cases:

Note

Alongside the validation of file names, adequate checks should be made on the authorizations for file access.

Example

The following program section shows how a physical file name entered by an external source is validated by checking whether a logical file name exists for it.

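* Physical file name supplied by an external source (untrusted input)
DATA file TYPE string.
cl_demo_input=>request( CHANGING field = file ).

* Validate the physical name against the logical file name EXAMPLE_FILE
CALL FUNCTION 'FILE_VALIDATE_NAME'
  EXPORTING
    logical_filename           = 'EXAMPLE_FILE'
  CHANGING
    physical_filename          = file
  EXCEPTIONS
    logical_filename_not_found = 1
    validation_failed          = 2
    OTHERS                     = 3.
IF sy-subrc = 0.
  " The file is opened only after successful validation
  OPEN DATASET file FOR OUTPUT IN BINARY MODE.
ELSE.
  " Validation failed or logical file name unknown: no file access
  cl_demo_output=>display( |Error return code { sy-subrc }| ).
ENDIF.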
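
The following variant is an added example, not part of the original documentation. It combines the validation shown above with the authorization check called for in the note and handles a failed OPEN DATASET. It assumes the standard function module AUTHORITY_CHECK_DATASET and the constant sabc_act_write from type group SABC as one way to perform that check; the logical file name EXAMPLE_FILE is taken from the example above.

```abap
* Added example: validate the name, check authorization, then open the file.
DATA file      TYPE string.
DATA auth_file TYPE authb-filename. " type expected by AUTHORITY_CHECK_DATASET
DATA exc       TYPE REF TO cx_sy_file_access_error.
cl_demo_input=>request( CHANGING field = file ).
" Step 1: whitelist check against the logical file name (as on this page)
CALL FUNCTION 'FILE_VALIDATE_NAME'
  EXPORTING
    logical_filename           = 'EXAMPLE_FILE'
  CHANGING
    physical_filename          = file
  EXCEPTIONS
    logical_filename_not_found = 1
    validation_failed          = 2
    OTHERS                     = 3.
IF sy-subrc <> 0.
  cl_demo_output=>display( |Validation failed, return code { sy-subrc }| ).
  RETURN.
ENDIF.
" Step 2: authorization check on the validated (possibly normalized) name
auth_file = file.
IF auth_file <> file. " name was truncated: never check a different name
  cl_demo_output=>display( `File name too long for authorization check` ).
  RETURN.
ENDIF.
CALL FUNCTION 'AUTHORITY_CHECK_DATASET'
  EXPORTING
    program          = sy-repid
    activity         = sabc_act_write " assumption: write access is needed
    filename         = auth_file
  EXCEPTIONS
    no_authority     = 1
    activity_unknown = 2
    OTHERS           = 3.
IF sy-subrc <> 0.
  cl_demo_output=>display( |No write authorization, return code { sy-subrc }| ).
  RETURN.
ENDIF.
" Step 3: open the file; the statement reports failure in two ways
TRY.
    OPEN DATASET file FOR OUTPUT IN BINARY MODE.
    IF sy-subrc <> 0. " file could not be opened
      cl_demo_output=>display( `File could not be opened` ).
      RETURN.
    ENDIF.
    CLOSE DATASET file.
  CATCH cx_sy_file_access_error INTO exc.
    cl_demo_output=>display( exc->get_text( ) ).
ENDTRY.
```

The authorization check runs on the name returned by FILE_VALIDATE_NAME, so the name that is checked is the same one that is opened.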