Hello,
I am undergoing a skills aptitude test and need some help.
This is the code I was provided:
    fn get_doc(fileName: String) -> String {
        // Prepend the documents directory to the supplied name.
        let fileName = "./Documents".to_string() + &fileName;
        // Rewrite "./" to "//", then strip any resulting "..//" sequences.
        let fileName = str::replace(&fileName, "./", "//");
        let fileName = str::replace(&fileName, "..//", "");
        fileName
    }
I have deduced that this is written in Rust because of how the function is declared, but when looking up str::replace(), this appears to be written in Kirby (but it's not). Hastebin saves it as a JavaScript file, but this isn't how JavaScript declares functions. What language is this?
Moving on, I am trying to pick this apart to find the vulnerabilities. The first line of the get_doc() function appends the contents of fileName to the directory, making this file path: workingDirectory/Documents/fileName
The next two lines are presumably input sanitizing, removing parent directory path calls and changing them to working directory calls.
Possibly there is a vulnerability using the escape character to bypass input sanitization? If so, I cannot think of how to conduct a proof of concept for this.
Do you know what the language is? Do you see any vulnerabilities in this code? Is this client-side or server-side?
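For comparison with the string-rewriting approach in the posted snippet, here is an added example (not code from the poster or the test) of resolving a document name by inspecting path components instead of editing the string. The function name safe_doc_path, the DocError type and the sample names are assumptions; only the "./Documents" base directory comes from the post.

```rust
use std::path::{Component, Path, PathBuf};

/// Error returned when a requested name would leave the documents directory.
#[derive(Debug, PartialEq)]
pub enum DocError {
    /// The name contained `..`, an absolute root or prefix, or no usable component.
    Traversal,
}

/// Resolve `file_name` under `base` by walking its path components.
/// Only plain `Normal` components are accepted; `..`, a leading `/` and
/// Windows drive prefixes are rejected outright instead of being "cleaned"
/// with `str::replace`. Leading `.` components are dropped as no-ops.
pub fn safe_doc_path(base: &Path, file_name: &str) -> Result<PathBuf, DocError> {
    let mut out = base.to_path_buf();
    let mut accepted = 0usize;
    for component in Path::new(file_name).components() {
        match component {
            Component::Normal(part) => {
                out.push(part);
                accepted += 1;
            }
            Component::CurDir => {}
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => {
                return Err(DocError::Traversal);
            }
        }
    }
    // An empty or dot-only name resolves to the directory itself; refuse it.
    if accepted == 0 {
        return Err(DocError::Traversal);
    }
    Ok(out)
}

fn main() {
    let base = Path::new("./Documents");
    // Constructed sample names for illustration (assumed, not from the post).
    for name in ["report.txt", "./report.txt", "sub/notes.md", "../outside.txt"].iter() {
        println!("{:?} -> {:?}", name, safe_doc_path(base, name));
    }
}
```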