hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

add the snappy missed sink

Browse Source
This commit is contained in:
am0o0
2024-07-13 11:15:45 +02:00
parent 8c106964ec
commit 025aa77e79
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/experimental/query-tests/security/CWE-522-DecompressionBombs/SnappyHandler.java
View File

@@ -12,7 +12,7 @@ public class SnappyHandler {
byte[] readBuffer = new byte[4096];
try (SnappyInputStream zipInputStream = new SnappyInputStream(inputStream)) { // $ hasTaintFlow="inputStream"
try (OutputStream outputStream = Files.newOutputStream(Paths.get("extractedFile"))) {
while ((readLen = zipInputStream.read(readBuffer)) != -1) {
while ((readLen = zipInputStream.read(readBuffer)) != -1) { // $ hasTaintFlow="zipInputStream"
outputStream.write(readBuffer, 0, readLen);
}
}