Ansicht
Dokumentation
ABENDATASET_AUTH_SELF - DATASET AUTH SELF
CPI1466 during Backup ABAP Short ReferenceThis documentation is copyright by SAP AG.
Validation of File Names
In addition to the automatic authorization checks, it may be necessary to validate file names before they are used to prevent directory traversals. This is particularly important if the following applies:
- The automatic authorization checks are not enough, for example because the database table SPTH or too few authorizations have been defined for the authorization object S_DATASET.
- Programs with physical file names are used, and these file names are provided using external interfaces such as APIs or UIs.
However, if logical file names are consistently used, there is no need for validation.
Using Logical File Names
File names do not usually need to be validated if a program is consistent in using only logical file names created by the system administrator in the transactions FILE or SF01. Next, the set of logical file names available to an application defines the set of possible physical file names. The associated physical file names are not processed explicitly in the program. Instead, the function module FILE_GET_NAME is used to create the physical file name from the logical file name directly before it is used in a statement of the file interface and used for file access.
Example
The following program works with a logical file name in field log_name. The function module FILE_GET_NAME uses this file name to create a platform-dependent physical file name in phys_name for use in the statement OPEN DATASET. Since the value abap_true is passed to the parameter INCLUDING_DIR, the physical file name is absolute, that is, it contains an absolute path.
Using Physical File Names
If a program uses physical file names, the name must almost always be validated.
Self-Programmed Validation
If valid directories and file names are defined exactly, as is often the case in programs from the technical infrastructure, this type of validation can be skipped. The following can be used, for example:
- Methods from character string processing,
- Methods from class CL_ABAP_DYN_PRG for checking include lists,
- Methods in the class CL_FS_PATH
However, self-programmed validations, especially when using character string processing, is suitable only for the simplest cases. For all other cases, validation with logical file names is usually recommended.
Validation with Logical File Names
In many use cases, directories and file names are generic, and are predefined by the system administrator when configuring the system. They can be modified or enhanced while the system is running. In these cases, the concept of logical file names should be employed when handling physical file names explicitly.
In addition to the case above, where a program uses only logical file names, the associations between logical and physical file names can also be used to validate physical file names. If the list of logical file names is complete, the function module FILE_VALIDATE_NAME can be called before a file is accessed. This module checks whether the physical file name has a corresponding logical file name or whether the directory is valid. In this way, the function module checks whether the physical file exists in the set defined by the logical file names.
Note
The function module FILE_VALIDATE_NAME always checks absolute file names with path specifications. If a relative file name is passed for checking, the default path is implicitly prefixed to DIR_HOME in accordance with the profile parameter.
Example
Validation of a directory. For a directory, the logical file name contained in log_name must have been created in the format DIR using transaction FILE. The function module FILE_GET_NAME provides the platform-dependent path for this directory in path. For a directory, the value abap_true must be passed to parameter INCLUDING_DIR, otherwise the function module terminates with an exception. The method IS_RELATIVE of class CL_FS_PATH is used to check whether a file name phys_name entered by a user is relative or contains an absolute path. An existing absolute file name is transferred without being modified. Relative file names are concatenated with the path. This is done using the method APPEND_PATH_NAME of a path object from the class CL_FS_PATH created from path. This object is platform-independent and works regardless of whether path contains a closing separator like \. Finally, phys_name with FILE_VALIDATE_NAME is validated by checking the directory of log_name. This check is also necessary when creating a chain from the path and relative file name. This is because the specified relative file name can contain parts such as \..\, which can point to path locations outside of the allowed directory.
CL_GUI_FRONTEND_SERVICES - Frontend Services CPI1466 during Backup
This documentation is copyright by SAP AG.
Length: 6586 Date: 20240423 Time: 095753 sap01-206 ( 96 ms )
