mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
Add file creation sanitizer
This commit is contained in:
Jonathan Leitschuh
committed by
Jonathan Leitschuh
Jonathan Leitschuh
parent
9299c7996d
commit
0268dd9f0a
@@ -34,7 +34,7 @@ class MethodAccessInsecureFileCreateTempFile extends MethodAccessInsecureFileCre
|
||||
this.getNumArgument() = 2
|
||||
or
|
||||
// The default temporary directory is used when the last argument of `File.createTempFile(string, string, File)` is `null`
|
||||
getArgument(2) instanceof NullLiteral
|
||||
DataFlow::localExprFlow(any(NullLiteral n), getArgument(2))
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -16,8 +16,8 @@ import DataFlow::PathGraph
|
||||
|
||||
private class MethodFileSystemFileCreation extends Method {
|
||||
MethodFileSystemFileCreation() {
|
||||
getDeclaringType() instanceof TypeFile and
|
||||
hasName(["mkdir", "mkdirs", "createNewFile"])
|
||||
this.getDeclaringType() instanceof TypeFile and
|
||||
this.hasName(["mkdir", "mkdirs", "createNewFile"])
|
||||
}
|
||||
}
|
||||
|
||||
@@ -58,7 +58,26 @@ private class FilesVulnerableCreationMethodAccess extends MethodAccess {
|
||||
m.hasName(["write", "newBufferedWriter", "newOutputStream"])
|
||||
or
|
||||
m.hasName(["createFile", "createDirectory", "createDirectories"]) and
|
||||
getNumArgument() = 1
|
||||
this.getNumArgument() = 1
|
||||
or
|
||||
m.hasName("newByteChannel") and
|
||||
this.getNumArgument() = 2
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to a `File` method that create files/directories with a specific set of permissions explicitly set.
|
||||
* We can safely assume that any calls to these methods with explicit `PosixFilePermissions.asFileAttribute` contains a certain level of intentionality behind it.
|
||||
*/
|
||||
private class FilesSanitiznignCreationMethodAccess extends MethodAccess {
|
||||
FilesSanitiznignCreationMethodAccess() {
|
||||
exists(Method m |
|
||||
m = this.getMethod() and
|
||||
m.getDeclaringType().hasQualifiedName("java.nio.file", "Files")
|
||||
|
|
||||
m.hasName(["createFile", "createDirectory", "createDirectories"]) and
|
||||
this.getNumArgument() = 2
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -92,10 +111,16 @@ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Conf
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof FileCreationSink }
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node sanitizer) {
|
||||
exists(FilesSanitiznignCreationMethodAccess sanitisingMethodAccess |
|
||||
sanitizer.asExpr() = sanitisingMethodAccess.getArgument(0)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, TempDirSystemGetPropertyToCreateConfig conf
|
||||
where conf.hasFlowPath(source, sink)
|
||||
select source.getNode(), source, sink,
|
||||
select sink.getNode(), source, sink,
|
||||
"Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users.",
|
||||
source.getNode(), "system temp directory"
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
| Test.java:15:21:15:57 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. |
|
||||
| Test.java:19:21:19:63 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. |
|
||||
| Test.java:49:24:49:65 | createTempDir(...) | Local information disclosure vulnerability due to use of directory readable by other local users. |
|
||||
| Test.java:18:25:18:61 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. |
|
||||
| Test.java:26:25:26:67 | createTempFile(...) | Local information disclosure vulnerability due to use of file readable by other local users. |
|
||||
| Test.java:95:24:95:65 | createTempDir(...) | Local information disclosure vulnerability due to use of directory readable by other local users. |
|
||||
|
||||
@@ -6,119 +6,118 @@ edges
|
||||
| Files.java:10:33:10:68 | getProperty(...) : String | Files.java:15:17:15:23 | tempDir |
|
||||
| Files.java:14:28:14:64 | new File(...) : File | Files.java:15:17:15:23 | tempDir |
|
||||
| Files.java:14:37:14:43 | baseDir : File | Files.java:14:28:14:64 | new File(...) : File |
|
||||
| Test.java:23:24:23:69 | new File(...) : File | Test.java:24:59:24:65 | tempDir |
|
||||
| Test.java:23:33:23:68 | getProperty(...) : String | Test.java:23:24:23:69 | new File(...) : File |
|
||||
| Test.java:23:33:23:68 | getProperty(...) : String | Test.java:24:59:24:65 | tempDir |
|
||||
| Test.java:28:29:28:94 | new File(...) : File | Test.java:29:59:29:70 | tempDirChild |
|
||||
| Test.java:28:38:28:83 | new File(...) : File | Test.java:28:29:28:94 | new File(...) : File |
|
||||
| Test.java:28:38:28:83 | new File(...) : File | Test.java:29:59:29:70 | tempDirChild |
|
||||
| Test.java:28:47:28:82 | getProperty(...) : String | Test.java:28:38:28:83 | new File(...) : File |
|
||||
| Test.java:28:47:28:82 | getProperty(...) : String | Test.java:29:59:29:70 | tempDirChild |
|
||||
| Test.java:33:24:33:69 | new File(...) : File | Test.java:34:59:34:65 | tempDir |
|
||||
| Test.java:33:33:33:68 | getProperty(...) : String | Test.java:33:24:33:69 | new File(...) : File |
|
||||
| Test.java:33:33:33:68 | getProperty(...) : String | Test.java:34:59:34:65 | tempDir |
|
||||
| Test.java:38:24:38:69 | new File(...) : File | Test.java:39:59:39:65 | tempDir |
|
||||
| Test.java:38:33:38:68 | getProperty(...) : String | Test.java:38:24:38:69 | new File(...) : File |
|
||||
| Test.java:38:33:38:68 | getProperty(...) : String | Test.java:39:59:39:65 | tempDir |
|
||||
| Test.java:53:29:53:84 | new File(...) : File | Test.java:54:9:54:20 | tempDirChild |
|
||||
| Test.java:53:38:53:73 | getProperty(...) : String | Test.java:53:29:53:84 | new File(...) : File |
|
||||
| Test.java:53:38:53:73 | getProperty(...) : String | Test.java:54:9:54:20 | tempDirChild |
|
||||
| Test.java:58:29:58:84 | new File(...) : File | Test.java:59:9:59:20 | tempDirChild |
|
||||
| Test.java:58:38:58:73 | getProperty(...) : String | Test.java:58:29:58:84 | new File(...) : File |
|
||||
| Test.java:58:38:58:73 | getProperty(...) : String | Test.java:59:9:59:20 | tempDirChild |
|
||||
| Test.java:63:29:63:88 | new File(...) : File | Test.java:64:21:64:32 | tempDirChild : File |
|
||||
| Test.java:63:38:63:73 | getProperty(...) : String | Test.java:63:29:63:88 | new File(...) : File |
|
||||
| Test.java:63:38:63:73 | getProperty(...) : String | Test.java:64:21:64:32 | tempDirChild : File |
|
||||
| Test.java:64:21:64:32 | tempDirChild : File | Test.java:64:21:64:41 | toPath(...) |
|
||||
| Test.java:68:29:68:88 | new File(...) : File | Test.java:71:21:71:32 | tempDirChild : File |
|
||||
| Test.java:68:38:68:73 | getProperty(...) : String | Test.java:68:29:68:88 | new File(...) : File |
|
||||
| Test.java:68:38:68:73 | getProperty(...) : String | Test.java:71:21:71:32 | tempDirChild : File |
|
||||
| Test.java:71:21:71:32 | tempDirChild : File | Test.java:71:21:71:41 | toPath(...) |
|
||||
| Test.java:75:29:75:104 | new File(...) : File | Test.java:76:33:76:44 | tempDirChild : File |
|
||||
| Test.java:75:38:75:73 | getProperty(...) : String | Test.java:75:29:75:104 | new File(...) : File |
|
||||
| Test.java:75:38:75:73 | getProperty(...) : String | Test.java:76:33:76:44 | tempDirChild : File |
|
||||
| Test.java:76:33:76:44 | tempDirChild : File | Test.java:76:33:76:53 | toPath(...) |
|
||||
| Test.java:80:29:80:102 | new File(...) : File | Test.java:81:31:81:42 | tempDirChild : File |
|
||||
| Test.java:80:38:80:73 | getProperty(...) : String | Test.java:80:29:80:102 | new File(...) : File |
|
||||
| Test.java:80:38:80:73 | getProperty(...) : String | Test.java:81:31:81:42 | tempDirChild : File |
|
||||
| Test.java:81:31:81:42 | tempDirChild : File | Test.java:81:31:81:51 | toPath(...) |
|
||||
| Test.java:85:29:85:100 | new File(...) : File | Test.java:86:26:86:37 | tempDirChild : File |
|
||||
| Test.java:85:38:85:73 | getProperty(...) : String | Test.java:85:29:85:100 | new File(...) : File |
|
||||
| Test.java:85:38:85:73 | getProperty(...) : String | Test.java:86:26:86:37 | tempDirChild : File |
|
||||
| Test.java:86:26:86:37 | tempDirChild : File | Test.java:86:26:86:46 | toPath(...) |
|
||||
| Test.java:99:29:99:101 | new File(...) : File | Test.java:100:31:100:42 | tempDirChild : File |
|
||||
| Test.java:99:38:99:73 | getProperty(...) : String | Test.java:99:29:99:101 | new File(...) : File |
|
||||
| Test.java:99:38:99:73 | getProperty(...) : String | Test.java:100:31:100:42 | tempDirChild : File |
|
||||
| Test.java:100:31:100:42 | tempDirChild : File | Test.java:100:31:100:51 | toPath(...) |
|
||||
| Test.java:104:29:104:109 | new File(...) : File | Test.java:105:33:105:44 | tempDirChild : File |
|
||||
| Test.java:104:38:104:73 | getProperty(...) : String | Test.java:104:29:104:109 | new File(...) : File |
|
||||
| Test.java:104:38:104:73 | getProperty(...) : String | Test.java:105:33:105:44 | tempDirChild : File |
|
||||
| Test.java:105:33:105:44 | tempDirChild : File | Test.java:105:33:105:53 | toPath(...) |
|
||||
| Test.java:34:24:34:69 | new File(...) : File | Test.java:37:63:37:69 | tempDir |
|
||||
| Test.java:34:33:34:68 | getProperty(...) : String | Test.java:34:24:34:69 | new File(...) : File |
|
||||
| Test.java:34:33:34:68 | getProperty(...) : String | Test.java:37:63:37:69 | tempDir |
|
||||
| Test.java:48:29:48:94 | new File(...) : File | Test.java:51:63:51:74 | tempDirChild |
|
||||
| Test.java:48:38:48:83 | new File(...) : File | Test.java:48:29:48:94 | new File(...) : File |
|
||||
| Test.java:48:38:48:83 | new File(...) : File | Test.java:51:63:51:74 | tempDirChild |
|
||||
| Test.java:48:47:48:82 | getProperty(...) : String | Test.java:48:38:48:83 | new File(...) : File |
|
||||
| Test.java:48:47:48:82 | getProperty(...) : String | Test.java:51:63:51:74 | tempDirChild |
|
||||
| Test.java:59:24:59:69 | new File(...) : File | Test.java:62:63:62:69 | tempDir |
|
||||
| Test.java:59:33:59:68 | getProperty(...) : String | Test.java:59:24:59:69 | new File(...) : File |
|
||||
| Test.java:59:33:59:68 | getProperty(...) : String | Test.java:62:63:62:69 | tempDir |
|
||||
| Test.java:73:24:73:69 | new File(...) : File | Test.java:76:63:76:69 | tempDir |
|
||||
| Test.java:73:33:73:68 | getProperty(...) : String | Test.java:73:24:73:69 | new File(...) : File |
|
||||
| Test.java:73:33:73:68 | getProperty(...) : String | Test.java:76:63:76:69 | tempDir |
|
||||
| Test.java:108:29:108:84 | new File(...) : File | Test.java:111:9:111:20 | tempDirChild |
|
||||
| Test.java:108:38:108:73 | getProperty(...) : String | Test.java:108:29:108:84 | new File(...) : File |
|
||||
| Test.java:108:38:108:73 | getProperty(...) : String | Test.java:111:9:111:20 | tempDirChild |
|
||||
| Test.java:132:29:132:84 | new File(...) : File | Test.java:135:9:135:20 | tempDirChild |
|
||||
| Test.java:132:38:132:73 | getProperty(...) : String | Test.java:132:29:132:84 | new File(...) : File |
|
||||
| Test.java:132:38:132:73 | getProperty(...) : String | Test.java:135:9:135:20 | tempDirChild |
|
||||
| Test.java:156:29:156:88 | new File(...) : File | Test.java:157:21:157:32 | tempDirChild : File |
|
||||
| Test.java:156:38:156:73 | getProperty(...) : String | Test.java:156:29:156:88 | new File(...) : File |
|
||||
| Test.java:156:38:156:73 | getProperty(...) : String | Test.java:157:21:157:32 | tempDirChild : File |
|
||||
| Test.java:157:21:157:32 | tempDirChild : File | Test.java:157:21:157:41 | toPath(...) |
|
||||
| Test.java:185:29:185:88 | new File(...) : File | Test.java:186:21:186:32 | tempDirChild : File |
|
||||
| Test.java:185:38:185:73 | getProperty(...) : String | Test.java:185:29:185:88 | new File(...) : File |
|
||||
| Test.java:185:38:185:73 | getProperty(...) : String | Test.java:186:21:186:32 | tempDirChild : File |
|
||||
| Test.java:186:21:186:32 | tempDirChild : File | Test.java:186:21:186:41 | toPath(...) |
|
||||
| Test.java:202:29:202:104 | new File(...) : File | Test.java:202:29:202:113 | toPath(...) : Path |
|
||||
| Test.java:202:29:202:113 | toPath(...) : Path | Test.java:205:33:205:44 | tempDirChild |
|
||||
| Test.java:202:38:202:73 | getProperty(...) : String | Test.java:202:29:202:104 | new File(...) : File |
|
||||
| Test.java:214:29:214:102 | new File(...) : File | Test.java:214:29:214:111 | toPath(...) : Path |
|
||||
| Test.java:214:29:214:111 | toPath(...) : Path | Test.java:217:31:217:42 | tempDirChild |
|
||||
| Test.java:214:38:214:73 | getProperty(...) : String | Test.java:214:29:214:102 | new File(...) : File |
|
||||
| Test.java:226:29:226:100 | new File(...) : File | Test.java:229:26:229:37 | tempDirChild : File |
|
||||
| Test.java:226:38:226:73 | getProperty(...) : String | Test.java:226:29:226:100 | new File(...) : File |
|
||||
| Test.java:226:38:226:73 | getProperty(...) : String | Test.java:229:26:229:37 | tempDirChild : File |
|
||||
| Test.java:229:26:229:37 | tempDirChild : File | Test.java:229:26:229:46 | toPath(...) |
|
||||
| Test.java:247:29:247:101 | new File(...) : File | Test.java:250:31:250:42 | tempDirChild : File |
|
||||
| Test.java:247:38:247:73 | getProperty(...) : String | Test.java:247:29:247:101 | new File(...) : File |
|
||||
| Test.java:247:38:247:73 | getProperty(...) : String | Test.java:250:31:250:42 | tempDirChild : File |
|
||||
| Test.java:250:31:250:42 | tempDirChild : File | Test.java:250:31:250:51 | toPath(...) |
|
||||
| Test.java:258:29:258:109 | new File(...) : File | Test.java:261:33:261:44 | tempDirChild : File |
|
||||
| Test.java:258:38:258:73 | getProperty(...) : String | Test.java:258:29:258:109 | new File(...) : File |
|
||||
| Test.java:258:38:258:73 | getProperty(...) : String | Test.java:261:33:261:44 | tempDirChild : File |
|
||||
| Test.java:261:33:261:44 | tempDirChild : File | Test.java:261:33:261:53 | toPath(...) |
|
||||
nodes
|
||||
| Files.java:10:24:10:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Files.java:10:33:10:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Files.java:14:28:14:64 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Files.java:14:37:14:43 | baseDir : File | semmle.label | baseDir : File |
|
||||
| Files.java:15:17:15:23 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:23:24:23:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:23:33:23:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:24:59:24:65 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:28:29:28:94 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:28:38:28:83 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:28:47:28:82 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:29:59:29:70 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:33:24:33:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:33:33:33:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:34:59:34:65 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:38:24:38:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:38:33:38:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:39:59:39:65 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:53:29:53:84 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:53:38:53:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:54:9:54:20 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:58:29:58:84 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:58:38:58:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:59:9:59:20 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:63:29:63:88 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:63:38:63:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:64:21:64:32 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:64:21:64:41 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:68:29:68:88 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:68:38:68:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:71:21:71:32 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:71:21:71:41 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:75:29:75:104 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:75:38:75:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:76:33:76:44 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:76:33:76:53 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:80:29:80:102 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:80:38:80:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:81:31:81:42 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:81:31:81:51 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:85:29:85:100 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:85:38:85:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:86:26:86:37 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:86:26:86:46 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:99:29:99:101 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:99:38:99:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:100:31:100:42 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:100:31:100:51 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:104:29:104:109 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:104:38:104:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:105:33:105:44 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:105:33:105:53 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:34:24:34:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:34:33:34:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:37:63:37:69 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:48:29:48:94 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:48:38:48:83 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:48:47:48:82 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:51:63:51:74 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:59:24:59:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:59:33:59:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:62:63:62:69 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:73:24:73:69 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:73:33:73:68 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:76:63:76:69 | tempDir | semmle.label | tempDir |
|
||||
| Test.java:108:29:108:84 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:108:38:108:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:111:9:111:20 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:132:29:132:84 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:132:38:132:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:135:9:135:20 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:156:29:156:88 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:156:38:156:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:157:21:157:32 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:157:21:157:41 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:185:29:185:88 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:185:38:185:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:186:21:186:32 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:186:21:186:41 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:202:29:202:104 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:202:29:202:113 | toPath(...) : Path | semmle.label | toPath(...) : Path |
|
||||
| Test.java:202:38:202:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:205:33:205:44 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:214:29:214:102 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:214:29:214:111 | toPath(...) : Path | semmle.label | toPath(...) : Path |
|
||||
| Test.java:214:38:214:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:217:31:217:42 | tempDirChild | semmle.label | tempDirChild |
|
||||
| Test.java:226:29:226:100 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:226:38:226:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:229:26:229:37 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:229:26:229:46 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:247:29:247:101 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:247:38:247:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:250:31:250:42 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:250:31:250:51 | toPath(...) | semmle.label | toPath(...) |
|
||||
| Test.java:258:29:258:109 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| Test.java:258:38:258:73 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:261:33:261:44 | tempDirChild : File | semmle.label | tempDirChild : File |
|
||||
| Test.java:261:33:261:53 | toPath(...) | semmle.label | toPath(...) |
|
||||
subpaths
|
||||
#select
|
||||
| Files.java:10:33:10:68 | getProperty(...) | Files.java:10:33:10:68 | getProperty(...) : String | Files.java:15:17:15:23 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Files.java:10:33:10:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:23:33:23:68 | getProperty(...) | Test.java:23:33:23:68 | getProperty(...) : String | Test.java:24:59:24:65 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:23:33:23:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:28:47:28:82 | getProperty(...) | Test.java:28:47:28:82 | getProperty(...) : String | Test.java:29:59:29:70 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:28:47:28:82 | getProperty(...) | system temp directory |
|
||||
| Test.java:33:33:33:68 | getProperty(...) | Test.java:33:33:33:68 | getProperty(...) : String | Test.java:34:59:34:65 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:33:33:33:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:38:33:38:68 | getProperty(...) | Test.java:38:33:38:68 | getProperty(...) : String | Test.java:39:59:39:65 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:38:33:38:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:53:38:53:73 | getProperty(...) | Test.java:53:38:53:73 | getProperty(...) : String | Test.java:54:9:54:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:53:38:53:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:58:38:58:73 | getProperty(...) | Test.java:58:38:58:73 | getProperty(...) : String | Test.java:59:9:59:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:58:38:58:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:63:38:63:73 | getProperty(...) | Test.java:63:38:63:73 | getProperty(...) : String | Test.java:64:21:64:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:63:38:63:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:68:38:68:73 | getProperty(...) | Test.java:68:38:68:73 | getProperty(...) : String | Test.java:71:21:71:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:68:38:68:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:75:38:75:73 | getProperty(...) | Test.java:75:38:75:73 | getProperty(...) : String | Test.java:76:33:76:53 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:75:38:75:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:80:38:80:73 | getProperty(...) | Test.java:80:38:80:73 | getProperty(...) : String | Test.java:81:31:81:51 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:80:38:80:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:85:38:85:73 | getProperty(...) | Test.java:85:38:85:73 | getProperty(...) : String | Test.java:86:26:86:46 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:85:38:85:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:99:38:99:73 | getProperty(...) | Test.java:99:38:99:73 | getProperty(...) : String | Test.java:100:31:100:51 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:99:38:99:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:104:38:104:73 | getProperty(...) | Test.java:104:38:104:73 | getProperty(...) : String | Test.java:105:33:105:53 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:104:38:104:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:34:33:34:68 | getProperty(...) | Test.java:34:33:34:68 | getProperty(...) : String | Test.java:37:63:37:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:34:33:34:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:48:47:48:82 | getProperty(...) | Test.java:48:47:48:82 | getProperty(...) : String | Test.java:51:63:51:74 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:48:47:48:82 | getProperty(...) | system temp directory |
|
||||
| Test.java:59:33:59:68 | getProperty(...) | Test.java:59:33:59:68 | getProperty(...) : String | Test.java:62:63:62:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:59:33:59:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:73:33:73:68 | getProperty(...) | Test.java:73:33:73:68 | getProperty(...) : String | Test.java:76:63:76:69 | tempDir | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:73:33:73:68 | getProperty(...) | system temp directory |
|
||||
| Test.java:108:38:108:73 | getProperty(...) | Test.java:108:38:108:73 | getProperty(...) : String | Test.java:111:9:111:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:108:38:108:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:132:38:132:73 | getProperty(...) | Test.java:132:38:132:73 | getProperty(...) : String | Test.java:135:9:135:20 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:132:38:132:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:156:38:156:73 | getProperty(...) | Test.java:156:38:156:73 | getProperty(...) : String | Test.java:157:21:157:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:156:38:156:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:185:38:185:73 | getProperty(...) | Test.java:185:38:185:73 | getProperty(...) : String | Test.java:186:21:186:41 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:185:38:185:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:202:38:202:73 | getProperty(...) | Test.java:202:38:202:73 | getProperty(...) : String | Test.java:205:33:205:44 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:202:38:202:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:214:38:214:73 | getProperty(...) | Test.java:214:38:214:73 | getProperty(...) : String | Test.java:217:31:217:42 | tempDirChild | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:214:38:214:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:226:38:226:73 | getProperty(...) | Test.java:226:38:226:73 | getProperty(...) : String | Test.java:229:26:229:46 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:226:38:226:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:247:38:247:73 | getProperty(...) | Test.java:247:38:247:73 | getProperty(...) : String | Test.java:250:31:250:51 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:247:38:247:73 | getProperty(...) | system temp directory |
|
||||
| Test.java:258:38:258:73 | getProperty(...) | Test.java:258:38:258:73 | getProperty(...) : String | Test.java:261:33:261:53 | toPath(...) | Local information disclosure vulnerability from $@ due to use of file or directory readable by other local users. | Test.java:258:38:258:73 | getProperty(...) | system temp directory |
|
||||
|
||||
Reference in New Issue
Block a user