What is a Directory Traversal?

A directory traversal is a process by which the contents of computer folders, or directories, are systematically scanned through. For both developers and novice computer users, a directory traversal can yield a great deal of useful information. This methodology is used in a variety of computer applications, including file searches in an operating system.

When performing a directory traversal, the process begins in the "working directory." Many directory traversals are recursive, meaning that they scan the contents of the working directory as well as the contents of every separate folder, or subdirectory, the working directory contains. Recursive directory traversals can easily identify large groups of files with similar characteristics. A directory traversal may also be used to select specific file types for analysis, modification, or deletion.

Traversals can be done in two different ways. The first traversal method, which is usually performed by all computer users at some point, is done through an operating system's user interface. Precisely how this is done depends on the operating system but in this context, traversing directories is often as simple as clicking into a folder, then clicking into a folder within that folder, and so forth. Since the speed of this approach is limited by how fast a user can manually go through directories, it is usually the slower of the two traversal methods.

Programmers and developers usually employ the second traversal method, which entails giving explicit commands to the operating system, rather than using its interface. This method is more flexible than interface-based traversal, and can often be linked with other operating system commands to access and modify many files at once. In general, most computer users do not need to do traversals this way, although the option is almost always there.

Though directory traversals can be very useful, they have the potential to be exploited by malicious code, particularly in web pages. When programming web sites, web designers must often take great care to ensure that no unauthorized directory traversals can be done by a client viewing a web page. Since a directory traversal has the potential to showcase a lot of information, allowing a client to access a web page's component directories could pose a significant security risk. Directory traversals are not dangerous or malicious in themselves, so scanning through directories as a trusted user on a computer does not automatically endanger a computer or its data. In almost all contexts, directory traversals are safe, useful methods for getting information from a computer.