Skip to content

ABAP Keyword Documentation →  ABAP - Reference →  Processing External Data →  ABAP File Interface →  Authorization for File Access 

Validation of File Names

Alongside the automatic authorization checks, it may be necessary to validate field names before they are used to prevent directory traversals. This is particularly important if

  • the automatic authorization checks are not enough, for example because the database table SPTH or the authorizations for the authorization objectS_DATASET have not been defined in full.
  • programs with physical file names are used, and these file names are provided using external interfaces such as APIs or UI.

However if logical file names are consistently used, there is no need for validation.

Other versions: 7.31 | 7.40 | 7.54

Using Logical File Names

File names do not usually need to be validated if a program is consistent in using only logical file names created by the system administrator in the transactions FILE or SF01. Next, the set of logical file names available to an application defines the set of possible physical file names. The associated physical file names are not edited explicitly in the program. Instead, the function module FILE_GET_NAME is used to generate the physical file name from the logical file name directly before it is used in a statement of the file interface and used for file access.


Example

The following program works with a logical file name in field log_name. The function module FILE_GET_NAME uses this file name to generate a platform-specific physical file name in phys_name (for use in statement OPEN DATASET). As the value abap_true is passed to parameter INCLUDING_DIR, the physical file name is absolute; in other words, it contains an absolute path.

DATA: log_name  TYPE filename-fileintern, 
      phys_name TYPE string. 

... 

CALL FUNCTION 'FILE_GET_NAME' 
  EXPORTING 
    logical_filename = log_name 
    including_dir    = abap_true 
  IMPORTING 
    file_name        = phys_name 
  EXCEPTIONS 
    file_not_found   = 2 
    OTHERS           = 4. 
IF sy-subrc <> 0. 
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno 
                     WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4 
                      DISPLAY LIKE sy-msgty. 
  RETURN. 
ENDIF. 

OPEN DATASET phys_name FOR OUTPUT IN TEXT MODE ENCODING UTF-8 . 

... 

Using Physical File Names

If a program uses physical file names, then the name almost always needs to be validated.

Self-Programmed Validation

If valid directories and file names are defined precisely (as is often the case in programs from the technical infrastructure), this type of validation can be skipped. The following can be used, for example:

  • Methods from class CL_ABAP_DYN_PRG for checkingwhitelists,
  • Methods in the class CL_FS_PATH

However, a validation that you have programmed yourself (especially when using character string processing) is only for simple cases. For all other cases, validation with logical file names is usually recommended.

Validation with logical file names

In many cases, directories and file names are generic, and are predefined by the system administrator when configuring the system. They can be modified or enhanced while the system is running. In these cases, the concept of logical file names should be employed when handling physical file names explicitly.

In addition to the case above, where a program uses only logical file names, the associations between logical and physical file names can also be useful when handling physical file names for validation purposes. As long as the list of logical file names is complete, the function module FILE_VALIDATE_NAME can be called before a file is accessed. This module checks whether the physical file name is associated with a logical file name or whether the directory is valid. In this way, the function module checks whether the physical file exists in the set defined by the logical file names.


Note

The function module FILE_VALIDATE_NAME always checks absolute file names with specified paths. If a relative file name is passed for checking, the default path is implicitly added as a prefix to DIR_HOME in accordance with the profile parameter.


Example

Validation of a directory. For a directory, the logical file name contained in log_name must have been created in the format DIR using transaction FILE. The function module FILE_GET_NAME provides the platform-specific path for this directory. For a directory, the value abap_true must be passed to parameter INCLUDING_DIR, otherwise the function module is terminated with an exception. Method IS_RELATIVE of class CL_FS_PATH checks whether a file name entered by a user is relative or contains an absolute path. A relative file name is chained with the path to an absolute file name in phys_name. An existing absolute file name is applied without being modified. Finally, phys_name with FILE_VALIDATE_NAME is validated by checking the directory of log_name. This check is also necessary when creating a chain from the path and relative file name. This is because the specified relative file name can contains parts such as ..\, which can point to path locations outside of the permitted directory.

DATA: file TYPE string, 
      log_name  TYPE filename-fileintern, 
      path      TYPE string. 

CALL FUNCTION 'FILE_GET_NAME' 
  EXPORTING 
    logical_filename = log_name 
    including_dir    = abap_true 
  IMPORTING 
    file_name        = path 
  EXCEPTIONS 
    file_not_found   = 2 
    OTHERS           = 4. 
IF sy-subrc <> 0. 
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno DISPLAY LIKE sy-msgty. 
  RETURN. 
ENDIF. 

cl_demo_input=>request( CHANGING field = file ). 

DATA(phys_name) = COND string( 
  WHEN cl_fs_path=>create( file )->is_relative( ) = abap_true THEN 
    path && file 
  ELSE 
    file ). 

CALL FUNCTION 'FILE_VALIDATE_NAME' 
  EXPORTING 
    logical_filename           = log_name 
  CHANGING 
    physical_filename          = phys_name 
  EXCEPTIONS 
    logical_filename_not_found = 1 
    validation_failed          = 2 
    OTHERS                     = 4. 

IF sy-subrc <> 0. 
  MESSAGE ID sy-msgid TYPE 'I' NUMBER sy-msgno 
                     WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4 
                      DISPLAY LIKE sy-msgty. 
  RETURN. 
ENDIF. 

OPEN DATASET phys_name FOR OUTPUT IN TEXT MODE ENCODING UTF-8 .