Targeting a macOS Application? Update Your Path Traversal Lists

During my recent work, I’ve been playing around with some filesystem oddities. While creating a small corpus of files for a test, I noticed many of the files weren’t appearing correctly in Finder. Take a look at the following:

Spot the difference? In Finder, the colon in test:4 is being replaced with a forward slash. What? Why? A bit of digging led me to this StackOverflow post as well as a number of other resources.

Basically, this is a relic of past OS X versions. Pre-10.10, colons were the de facto path separator. From 10.10 onward, forward slashes became the norm. In order to support older scripts and tools, this interoperability is still supported in many of Apple’s libraries and many third-party applications that pre-date this change. In some of my recent projects, I’ve had a bit of success playing around with this functionality and have gotten some silly and interesting results.

While this isn’t something likely to be useful in day to day activities (in recent versions of macOS, you can’t actually use : as a path separator with any native CLI tools or applications), if you happen to come across an application that supports (or uses a library that supports) this older paradigm, you might get lucky and find a path traversal that was accidentally overlooked even if modern sanitization was put in place.

I highly suggest that anyone targeting macOS applications add paths containing colons to their directory traversal cheat sheets and lists in addition to the usual paths containing forward slashes.