hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply docs suggestions

Browse Source 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Chris Smowton
2022-08-15 10:34:55 +01:00
committed by GitHub
parent e9df675f88
commit 3cf871e9e5
5 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
View File

@@ -7,7 +7,7 @@
is to use <code>getCanonicalPath()</code> to remove any path-traversal elements and then check that <code>DIR</code>
is a prefix. However, if <code>DIR</code> is not slash-terminated, this can unexpectedly allow accessing siblings of <code>DIR</code>.</p>
<p>See also <code>java/partial-path-traversal-from-remote</code>, which is similar to this query but only flags instances with evidence of remote exploitability</p>
<p>See also <code>java/partial-path-traversal-from-remote</code>, which is similar to this query but only flags instances with evidence of remote exploitability.</p>
</overview>
<include src="PartialPathTraversalRemainder.inc.qhelp"/>

2
java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Partial Path Traversal Vulnerability
* @name Partial path traversal vulnerability
* @description A prefix used to check that a canonicalised path falls within another must be slash-terminated.
* @kind problem
* @problem.severity error

2
java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.qhelp
View File

@@ -8,7 +8,7 @@ is to use <code>getCanonicalPath()</code> to remove any path-traversal elements
is a prefix. However, if <code>DIR</code> is not slash-terminated, this can unexpectedly allow accessing siblings of <code>DIR</code>.</p>
<p>See also <code>java/partial-path-traversal</code>, which is similar to this query,
but may also flag non-remotely-exploitable instances of Partial Path Traversal.</p>
but may also flag non-remotely-exploitable instances of partial path traversal vulnerabilities.</p>
</overview>
<include src="PartialPathTraversalRemainder.inc.qhelp"/>

2
java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Partial Path Traversal Vulnerability From Remote
* @name Partial path traversal vulnerability from remote
* @description A prefix used to check that a canonicalised path falls within another must be slash-terminated.
* @kind path-problem
* @problem.severity error

8
java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
View File

@@ -17,7 +17,7 @@ returns a <b>non</b>-slash-terminated path string, so a slash must be added to <
In this example, the <code>if</code> statement checks if <code>parent.getCanonicalPath()</code>
is a prefix of <code>dir.getCanonicalPath()</code>. However, <code>parent.getCanonicalPath()</code> is
not slash-terminated. So, the user that supplies <code>dir</code> may be allowed to access siblings of <code>parent</code>
not slash-terminated. This means that users that supply <code>dir</code> may be also allowed to access siblings of <code>parent</code>
and not just children of <code>parent</code>, which is a security issue.
</p>
@@ -40,9 +40,9 @@ indeed slash-terminated, the user supplying <code>dir</code> can only access chi
<li>
OWASP:
<a href="https://owasp.org/www-community/attacks/Path_Traversal">Partial Path Traversal</a>.
CVE-2022-23457:
<a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md"> ESAPI Vulnerability Report</a>
<a href="https://owasp.org/www-community/attacks/Path_Traversal">Partial Path Traversal</a>.</li>
<li>CVE-2022-23457:
<a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md"> ESAPI Vulnerability Report</a>.</li>
</li>
</references>