Does Azure storage allow path traversal?

Security-wise, if I receive parts of the path from the user, do I need to sanitize them?

Oversimplified example (in Python):

from azure.storage.blob import BlobServiceClient
client = BlobServiceClient.from_connection_string("<mypassword>")
container = client.get_container("mycontainer")
container.upload_blob(f"path/{input()}", b"data")

Can input() contain ../ and thus cause a path traversal attack?

Solution

No, azure storage does not allow path traversal.

When it detects the path has ../, it will throw an authentication error.

In short, if the path looks like this path/path2/../aa.txt, in client side, this path will be used to generate a token; in server side, it will automatically remove the ../ from the path, then use the new path(which does not contain ../) to generate a token. Thus the client side token does not match the server side token when authentication. Then an error occurs.

Azure Service Plan - Convert Consumption App to Premium App
No PK or FK when exporting SQL Server database
Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
How to create a dataset for Azure custom speech using spx (speechCLI)
Azure App Service Autoscale Fails to Scale In
Azure Scale Out on Memory keeps flapping (not scaling in)
Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
A keyvault created with access policy using BICEP creates compound identity
Azure Loadbalancer with public IP forward traffic to Container Apps
How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
What means skipNegotiation in SignalR HubConnection?
Azure ClientCertificateCredential - Using SNI
Azure AI Search MultiIndex / Conditional Semantic search
MSAL Node service & The Partner Center API
Load Registered Component in Azure ML for Pipeline using Python sdk v2
Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
How to take max value and replace it in drived column in data factory
Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
Azure Cost Management - track costs associated with Databricks job
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
How to check Debug.Writeline() output in VS code?
C# API - Provide download of files from Azure Blobstorage
localhost:300/api is not working : "This page isn’t working"
Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
Failed to deploy path that does not exist
Using Azure WAF for my server(not in Azure)
How and where to define an environment variable on Azure
Azure Data Factory - Unable to preview data
Azure yaml trigger pipeline every 14 days on a Saturday