What does Canonical Representation mean and its potential vulnerability to websites

user130532 picture user130532 · Jul 22, 2009 · Viewed 13k times · Source

I searched on google for a meaning of canonical representation and turned up documents that are entirely too cryptic. Can anyone provide a quick explanation of canonical representation and also what are some typical vulnerabilities in websites to canonical representation attacks?

Answer

blowdart picture blowdart · Jul 22, 2009

Canonicalisation is the process by which you take an input, such as a file name, or a string, and turn it into a standard representation.

For example if your web application only allows access to files under C:\websites\mydomain then typically any input referring to filenames is canonicalised to be a physical, direct path, rather than one which uses relative paths. If you wanted to open C:\websites\mydomain\example\example.txt one input into that function may be example\example.txt. It's hard to work out if this goes outside the boundaries of your web site, so the canonicalisation function would look at the application directory and change that relative path into a physical one, C:\websites\mydomain\example\example.txt. This is obviously easier to check as you simply do a string compare on the start of the file path.

For HTML inputs you take inputs like %20 and canonicalise them by unencoding, so this would turn into a space. This is a good idea as the number of different ways of encoding are numerous, canonicalisation means you would check the decoded string only, rather than try to cover all the encoding variations.

Basically you are taking input which is logically equivalent and converting them to a standard form which you can then act upon.