hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add a flow step for Path::toFile in ZipSlip

Browse Source
This commit is contained in:
Robin Neatherway
2019-02-07 11:09:20 +00:00
parent 383e82a3f3
commit 409733838b
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
View File

@@ -79,6 +79,8 @@ predicate filePathStep(ExprNode n1, ExprNode n2) {
m.getDeclaringType() instanceof TypeFile and m.hasName("toPath")
or
m.getDeclaringType() instanceof TypePath and m.hasName("toAbsolutePath")
or
m.getDeclaringType() instanceof TypePath and m.hasName("toFile")
)
}

9
java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java
View File

@@ -51,4 +51,13 @@ public class ZipTest {
throw new Exception();
FileOutputStream os = new FileOutputStream(file); // OK
}
public void m6(ZipEntry entry, Path dir) {
String canonicalDest = dir.toFile().getCanonicalPath();
Path target = dir.resolve(entry.getName());
String canonicalTarget = target.toFile().getCanonicalPath();
if (!canonicalTarget.startsWith(canonicalDest + File.separator))
throw new Exception();
OutputStream os = Files.newOutputStream(target); // OK
}
}