Security-wise, if I receive parts of the path from the user, do I need to sanitize them?
Oversimplified example (in Python):
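```python
from azure.storage.blob import BlobServiceClient

client = BlobServiceClient.from_connection_string("<mypassword>")
# get_container_client() returns the ContainerClient for the named container
container = client.get_container_client("mycontainer")
# The blob name is built directly from unsanitized user input
container.upload_blob(f"path/{input()}", b"data")
```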
Can `input()` contain `../` and thus cause a path traversal attack?
No, Azure Storage does not allow path traversal.
When it detects that the path has `../`, it will throw an authentication error.
In short, if the path looks like this: `path/path2/../aa.txt`, on the client side this path will be used to generate a token; on the server side, it will automatically remove the `../` from the path, then use the new path (which does not contain `../`) to generate a token. Thus the client-side token does not match the server-side token during authentication, and an error occurs.
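
A client-side check that rejects dot segments before the name reaches the service, so a bad name fails with a clear validation error instead of an authentication error. This is an added example, not code from the question or the answer; `build_blob_name`, `UnsafeBlobName` and the per-segment allowlist are hypothetical choices that are stricter than what Azure itself accepts.

```python
import posixpath
import re

PREFIX = "path/"        # fixed prefix from the question's upload_blob() call
MAX_BLOB_NAME = 1024    # Azure's documented limit on blob name length

# Assumed allowlist for one path segment: starts and ends with an alphanumeric,
# so ".", "..", "%2e%2e", backslashes and control bytes all fail to match.
_SEGMENT = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?")


class UnsafeBlobName(ValueError):
    """User input would escape or alter the fixed prefix."""


def build_blob_name(user_part: str, prefix: str = PREFIX) -> str:
    """Return prefix + user_part, or raise UnsafeBlobName."""
    for segment in user_part.split("/"):
        # An empty segment means a leading, trailing or doubled slash.
        if not _SEGMENT.fullmatch(segment):
            raise UnsafeBlobName(f"rejected segment {segment!r}")
    name = prefix + user_part
    # Defence in depth: the name must already be in normal form and must
    # still sit under the prefix.
    if posixpath.normpath(name) != name or not name.startswith(prefix):
        raise UnsafeBlobName("name is not in normal form")
    if len(name) > MAX_BLOB_NAME:
        raise UnsafeBlobName("name too long")
    return name


def classify(samples):
    """Map each sample to the accepted blob name, or None if rejected."""
    results = {}
    for sample in samples:
        try:
            results[sample] = build_blob_name(sample)
        except UnsafeBlobName:
            results[sample] = None
    return results


# Constructed sample inputs, not taken from the original post.
SAMPLES = ["aa.txt", "path2/aa.txt", "path2/../aa.txt", "../other/aa.txt",
           "%2e%2e/aa.txt", "..\\aa.txt", "/aa.txt", "a//b", ""]

if __name__ == "__main__":
    for raw, name in classify(SAMPLES).items():
        print(f"{raw!r:22} -> {name or 'REJECTED'}")
```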