hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Review feedback and improve temp dir vulnerable/safe code sugestion

Browse Source
This commit is contained in:
Jonathan Leitschuh
2022-02-14 11:29:16 -05:00
parent 76964d58f2
commit 2048aed0a9
3 changed files with 89 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java
View File

@@ -1,3 +1,5 @@
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
@@ -9,11 +11,90 @@ public class TempDirUsageSafe {
Path temp2 = Files.createTempDirectory("random-directory"); // GOOD: File has permissions `drwx------`
File tempDirChildFile = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
// Creating a temporary file with a non-randomly generated name
File tempChildFile = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
// Warning: This will fail on windows as it doesn't support PosixFilePermissions.
// See `exampleSafeWithWindowsSupportFile` if your code needs to support windows and unix-like systems.
Files.createFile(
tempDirChildFile.toPath(),
tempDirChild.toPath(),
tempChildFile.toPath(),
PosixFilePermissions.asFileAttribute(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE))
); // GOOD: Good has permissions `-rw-------`
}
/*
* An example of a safe use of createFile or createDirectory if your code must support windows and unix-like systems.
*/
void exampleSafeWithWindowsSupportFile() {
// Creating a temporary file with a non-randomly generated name
File tempChildFile = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`
}
static void createTempFile(Path tempDir) {
try {
if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) {
// Explicit permissions setting is only required on unix-like systems because
// the temporary directory is shared between all users.
// This is not necessary on Windows, each user has their own temp directory
final EnumSet<PosixFilePermission> posixFilePermissions =
EnumSet.of(
PosixFilePermission.OWNER_READ,
PosixFilePermission.OWNER_WRITE
);
if (!Files.exists(tempDirChild)) {
Files.createFile(
tempDirChild,
PosixFilePermissions.asFileAttribute(posixFilePermissions)
); // GOOD: Directory has permissions `-rw-------`
} else {
Files.setPosixFilePermissions(
tempDirChild,
posixFilePermissions
); // GOOD: Good has permissions `-rw-------`, or will throw an exception if this fails
}
} else if (!Files.exists(tempDirChild)) {
// On Windows, we still need to create the directory, when it doesn't already exist.
Files.createDirectory(tempDirChild); // GOOD: Windows doesn't share the temp directory between users
}
} catch (IOException exception) {
throw new UncheckedIOException("Failed to create temp file", exception);
}
}
void exampleSafeWithWindowsSupportDirectory() {
File tempDirChildDir = new File(System.getProperty("java.io.tmpdir"), "/child-dir");
createTempDirectories(tempDirChildDir.toPath()); // GOOD: Directory has permissions `drwx------`
}
static void createTempDirectories(Path tempDirChild) {
try {
if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) {
// Explicit permissions setting is only required on unix-like systems because
// the temporary directory is shared between all users.
// This is not necessary on Windows, each user has their own temp directory
final EnumSet<PosixFilePermission> posixFilePermissions =
EnumSet.of(
PosixFilePermission.OWNER_READ,
PosixFilePermission.OWNER_WRITE,
PosixFilePermission.OWNER_EXECUTE
);
if (!Files.exists(tempDirChild)) {
Files.createDirectories(
tempDirChild,
PosixFilePermissions.asFileAttribute(posixFilePermissions)
); // GOOD: Directory has permissions `drwx------`
} else {
Files.setPosixFilePermissions(
tempDirChild,
posixFilePermissions
); // GOOD: Good has permissions `drwx------`, or will throw an exception if this fails
}
} else if (!Files.exists(tempDirChild)) {
// On Windows, we still need to create the directory, when it doesn't already exist.
Files.createDirectories(tempDirChild); // GOOD: Windows doesn't share the temp directory between users
}
} catch (IOException exception) {
throw new UncheckedIOException("Failed to create temp dir", exception);
}
}
}

4
java/ql/src/Security/CWE/CWE-200/TempDirUsageVulnerable.java
View File

@@ -15,5 +15,9 @@ public class TempDirUsageVulnerable {
File tempDirChildFile = new File(System.getProperty("java.io.tmpdir"), "/child-create-file.txt");
Files.createFile(tempDirChildFile.toPath()); // BAD: File has permissions `-rw-r--r--`
File tempDirChildDir = new File(System.getProperty("java.io.tmpdir"), "/child-dir");
tempDirChildDir.mkdir(); // BAD: Directory has permissions `drwxr-xr-x`
Files.createDirectory(tempDirChildDir.toPath()); // BAD: Directory has permissions `drwxr-xr-x`
}
}

2
java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
View File

@@ -1,6 +1,6 @@
---
category: newQuery
---
* A new query titled "Temporary directory Local information disclosure" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).