Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query

All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
Tony Torralba
2023-06-16 08:50:47 +02:00
parent 47638123d0
commit 3e96fe60c5
12 changed files with 54 additions and 55 deletions

@@ -3,16 +3,16 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>Extracting files from a malicious zip archive without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
<p>Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>
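Review bot: The new opening sentence still says "destination file path" and "destination directory", wording that fits only the write-during-extraction case this change is generalizing away from. Since the sentence now covers any access to a path built from an entry name, consider "without validating that the resulting path is within the intended directory".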

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during zip extraction ("Zip Slip")
* @description Extracting files from a malicious zip archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id cs/zipslip
* @problem.severity error
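Review bot: The `@id cs/zipslip` line shows this hunk edits the C# query, but the commit subject lists only Go/Java/JS/Python/Ruby. Add C# to the subject so the change is findable from this query's history. Leaving `@id` untouched is the right call, since anything keyed on the query id is unaffected by the new `@name`.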

@@ -5,9 +5,9 @@
<overview>
<p>
Extracting files from a malicious zip archive without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.
</p>
@@ -15,8 +15,8 @@ archive paths.
Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine which output file the contents of an archive item should be written to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.
</p>
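Review bot: In the replaced sentence, "If these file paths are used to create a filesystem path" reads circularly, because both the input and the result are called paths. Say what is built from what, for example "If these entry names are used to build a filesystem path, then a file operation may happen in an unexpected location".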

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during zip extraction ("zip slip")
* @description Extracting files from a malicious zip archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id go/zipslip
* @problem.severity error
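Review bot: The `@name` line changes the wording (write to access, zip to archive) and also the casing of "zip slip" to "Zip Slip", so the title users see for `go/zipslip` alerts changes. The hunks on this page touch only qhelp text and query metadata; if the project expects a change note for a user-visible query rename, it is missing from this commit.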

@@ -3,17 +3,16 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>Extracting files from a malicious zip archive (or another archive format)
without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
<p>Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>
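Review bot: The removed opening carried "(or another archive format)", and the replacement drops it while the unchanged second paragraph still begins "Zip archives contain archive entries", so the Java help now reads as zip-only even though the query's `@name` says "archive extraction". Generalize that paragraph's opening, for example "Archives such as zip files contain entries representing each file in the archive".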

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during archive extraction ("Zip Slip")
* @description Extracting files from a malicious archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id java/zipslip
* @problem.severity error

@@ -4,16 +4,16 @@
<qhelp>
<overview>
<p>Extracting files from a malicious zip archive without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
<p>Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during zip extraction ("Zip Slip")
* @description Extracting files from a malicious zip archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id js/zipslip
* @problem.severity error

@@ -4,16 +4,16 @@
<qhelp>
<overview>
<p>Extracting files from a malicious zip archive without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
<p>Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Zip archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during archive extraction ("Zip Slip")
* @description Extracting files from a malicious archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id py/zipslip
* @problem.severity error

@@ -4,16 +4,16 @@
<qhelp>
<overview>
<p>Extracting files from a malicious tar archive without validating that the destination file path
is within the destination directory can cause files outside the destination directory to be
overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
<p>Accessing filesystem paths built from the name of an archive entry without validating that the
destination file path is within the destination directory can allow an attacker to access
unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
archive paths.</p>
<p>Tar archives contain archive entries representing each file in the archive. These entries
include a file path for the entry, but these file paths are not restricted and may contain
unexpected special elements such as the directory traversal element (<code>..</code>). If these
file paths are used to determine an output file to write the contents of the archive item to, then
the file may be written to an unexpected location. This can result in sensitive information being
file paths are used to create a filesystem path, then a file operation may happen in an
unexpected location. This can result in sensitive information being
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>
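Review bot: The unchanged second paragraph opens with "Tar archives contain archive entries", and after this change it is the only format named in this overview, even though the query title being replaced covered "zipfile/tarfile extraction" and the new one is labelled "Zip Slip". Mention zip alongside tar in that paragraph so the help text matches the name the query now carries.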

@@ -1,8 +1,8 @@
/**
* @name Arbitrary file write during zipfile/tarfile extraction
* @description Extracting files from a malicious tar archive without validating that the
* destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten.
* @name Arbitrary file access during archive extraction ("Zip Slip")
* @description Accessing filesystem paths built from the name of an archive entry without
* validating that the destination file path is within the destination directory
* can allow an attacker to access unexpected resources.
* @kind path-problem
* @id rb/zip-slip
* @problem.severity error