hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name.

Browse Source
This commit is contained in:
Luke Cartey
2018-08-20 14:37:20 +01:00
parent b6c9f844e8
commit 112d104005
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
View File

@@ -12,6 +12,6 @@
import csharp
import semmle.code.csharp.security.dataflow.ZipSlip::ZipSlip
from ZipSlipTaintTrackingConfiguration zipTaintTracking, DataFlow::Node source, DataFlow::Node sink
from TaintTrackingConfiguration zipTaintTracking, DataFlow::Node source, DataFlow::Node sink
where zipTaintTracking.hasFlow(source, sink)
select sink, "Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted", source, "zip archive"

4
csharp/ql/src/semmle/code/csharp/security/dataflow/ZipSlip.qll
View File

@@ -21,8 +21,8 @@ module ZipSlip {
abstract class Sanitizer extends DataFlow::ExprNode { }
/** A taint tracking configuration for ZipSlip */
class ZipSlipTaintTrackingConfiguration extends TaintTracking::Configuration {
ZipSlipTaintTrackingConfiguration() {
class TaintTrackingConfiguration extends TaintTracking::Configuration {
TaintTrackingConfiguration() {
this = "ZipSlipTaintTracking"
}