hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add test for sanitization using toAbsolutePath().

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2018-10-19 14:49:50 +02:00
parent bf6b7c4734
commit 4953e4923a
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java
View File

@@ -41,4 +41,14 @@ public class ZipTest {
validate(dir, file);
FileOutputStream os = new FileOutputStream(file); // OK
}
public void m5(ZipEntry entry, File dir) {
String name = entry.getName();
File file = new File(dir, name);
Path absfile = file.toPath().toAbsolutePath().normalize();
Path absdir = dir.toPath().toAbsolutePath().normalize();
if (!absfile.startsWith(absdir))
throw new Exception();
FileOutputStream os = new FileOutputStream(file); // OK
}
}