hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply OS guard checks to TempDirLocalInformationDisclosure

Browse Source
This commit is contained in:
Jonathan Leitschuh
2022-02-14 16:52:23 -05:00
parent cd073a2173
commit 39828fd596
6 changed files with 145 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
View File

@@ -11,6 +11,7 @@
*/
import java
import semmle.code.java.os.OSCheck
import TempDirUtils
import DataFlow::PathGraph
import semmle.code.java.dataflow.TaintTracking2
@@ -102,6 +103,21 @@ private class FileCreateTempFileSink extends FileCreationSink {
}
}
/**
* A guard that checks what OS the program is running on.
*/
abstract private class OsBarrierGuard extends DataFlow::BarrierGuard { }
private class IsUnixBarrierGuard extends OsBarrierGuard instanceof IsUnixGuard {
override predicate checks(Expr e, boolean branch) {
this.controls(e.getBasicBlock(), branch.booleanNot())
}
}
private class IsWindowsBarrierGuard extends OsBarrierGuard instanceof IsWindowsGuard {
override predicate checks(Expr e, boolean branch) { this.controls(e.getBasicBlock(), branch) }
}
private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Configuration {
TempDirSystemGetPropertyToCreateConfig() { this = "TempDirSystemGetPropertyToCreateConfig" }
@@ -129,6 +145,10 @@ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Conf
sanitizer.asExpr() = sanitisingMethodAccess.getArgument(0)
)
}
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof OsBarrierGuard
}
}
/**

6
java/ql/src/Security/CWE/CWE-200/TempDirUsageSafe.java
View File

@@ -1,10 +1,14 @@
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
public class TempDirUsageSafe {
void exampleSafe() throws IOException {
Path temp1 = Files.createTempFile("random", ".txt"); // GOOD: File has permissions `-rw-------`
@@ -30,7 +34,7 @@ public class TempDirUsageSafe {
createTempFile(tempChildFile.toPath()); // GOOD: Good has permissions `-rw-------`
}
static void createTempFile(Path tempDir) {
static void createTempFile(Path tempDirChild) {
try {
if (tempDirChild.getFileSystem().supportedFileAttributeViews().contains("posix")) {
// Explicit permissions setting is only required on unix-like systems because