hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13554 from am0o0/amammad-js-bombs

Browse Source 
JS: Decompression Bombs
This commit is contained in:
Asger F
2024-05-16 13:25:41 +02:00
committed by GitHub
parent a2994c073a df10a7e7f0
commit 499c4df79b
28 changed files with 2200 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

234
javascript/ql/test/experimental/FormParsers/RemoteFlowSource.expected Normal file
View File

@@ -0,0 +1,234 @@
nodes
| busybus.js:9:30:9:33 | file |
| busybus.js:9:30:9:33 | file |
| busybus.js:9:36:9:39 | info |
| busybus.js:9:36:9:39 | info |
| busybus.js:10:19:10:50 | { filen ... eType } |
| busybus.js:10:19:10:57 | encoding |
| busybus.js:10:19:10:57 | filename |
| busybus.js:10:19:10:57 | mimeType |
| busybus.js:10:21:10:28 | filename |
| busybus.js:10:31:10:38 | encoding |
| busybus.js:10:41:10:48 | mimeType |
| busybus.js:10:54:10:57 | info |
| busybus.js:12:18:12:25 | filename |
| busybus.js:12:18:12:25 | filename |
| busybus.js:12:28:12:35 | encoding |
| busybus.js:12:28:12:35 | encoding |
| busybus.js:12:38:12:45 | mimeType |
| busybus.js:12:38:12:45 | mimeType |
| busybus.js:13:23:13:23 | z |
| busybus.js:13:31:13:36 | sink() |
| busybus.js:13:31:13:36 | sink() |
| busybus.js:15:30:15:33 | data |
| busybus.js:15:30:15:33 | data |
| busybus.js:16:22:16:25 | data |
| busybus.js:16:22:16:25 | data |
| busybus.js:22:25:22:42 | data |
| busybus.js:22:32:22:42 | this.read() |
| busybus.js:22:32:22:42 | this.read() |
| busybus.js:23:26:23:29 | data |
| busybus.js:23:26:23:29 | data |
| busybus.js:27:25:27:28 | name |
| busybus.js:27:25:27:28 | name |
| busybus.js:27:31:27:33 | val |
| busybus.js:27:31:27:33 | val |
| busybus.js:27:36:27:39 | info |
| busybus.js:27:36:27:39 | info |
| busybus.js:28:18:28:21 | name |
| busybus.js:28:18:28:21 | name |
| busybus.js:28:24:28:26 | val |
| busybus.js:28:24:28:26 | val |
| busybus.js:28:29:28:32 | info |
| busybus.js:28:29:28:32 | info |
| dicer.js:12:23:12:26 | part |
| dicer.js:12:23:12:26 | part |
| dicer.js:13:19:13:24 | sink() |
| dicer.js:13:19:13:24 | sink() |
| dicer.js:14:28:14:33 | header |
| dicer.js:14:28:14:33 | header |
| dicer.js:16:22:16:27 | header |
| dicer.js:16:22:16:30 | header[h] |
| dicer.js:16:22:16:30 | header[h] |
| dicer.js:19:26:19:29 | data |
| dicer.js:19:26:19:29 | data |
| dicer.js:20:18:20:21 | data |
| dicer.js:20:18:20:21 | data |
| formidable.js:7:11:7:25 | [fields, files] |
| formidable.js:7:11:7:49 | fields |
| formidable.js:7:11:7:49 | files |
| formidable.js:7:12:7:17 | fields |
| formidable.js:7:20:7:24 | files |
| formidable.js:7:29:7:49 | await f ... se(req) |
| formidable.js:7:35:7:49 | form.parse(req) |
| formidable.js:7:35:7:49 | form.parse(req) |
| formidable.js:8:10:8:15 | fields |
| formidable.js:8:10:8:15 | fields |
| formidable.js:8:18:8:22 | files |
| formidable.js:8:18:8:22 | files |
| formidable.js:9:27:9:34 | formname |
| formidable.js:9:27:9:34 | formname |
| formidable.js:9:37:9:40 | file |
| formidable.js:9:37:9:40 | file |
| formidable.js:10:14:10:21 | formname |
| formidable.js:10:14:10:21 | formname |
| formidable.js:10:24:10:27 | file |
| formidable.js:10:24:10:27 | file |
| formidable.js:12:22:12:29 | formname |
| formidable.js:12:22:12:29 | formname |
| formidable.js:12:32:12:35 | file |
| formidable.js:12:32:12:35 | file |
| formidable.js:13:14:13:21 | formname |
| formidable.js:13:14:13:21 | formname |
| formidable.js:13:24:13:27 | file |
| formidable.js:13:24:13:27 | file |
| formidable.js:15:23:15:31 | fieldName |
| formidable.js:15:23:15:31 | fieldName |
| formidable.js:15:34:15:43 | fieldValue |
| formidable.js:15:34:15:43 | fieldValue |
| formidable.js:16:14:16:22 | fieldName |
| formidable.js:16:14:16:22 | fieldName |
| formidable.js:16:25:16:34 | fieldValue |
| formidable.js:16:25:16:34 | fieldValue |
| multiparty.js:8:22:8:25 | part |
| multiparty.js:8:22:8:25 | part |
| multiparty.js:9:14:9:17 | part |
| multiparty.js:9:14:9:17 | part |
| multiparty.js:10:19:10:24 | sink() |
| multiparty.js:10:19:10:24 | sink() |
| multiparty.js:14:37:14:42 | fields |
| multiparty.js:14:37:14:42 | fields |
| multiparty.js:14:45:14:49 | files |
| multiparty.js:14:45:14:49 | files |
| multiparty.js:15:14:15:19 | fields |
| multiparty.js:15:14:15:19 | fields |
| multiparty.js:15:22:15:26 | files |
| multiparty.js:15:22:15:26 | files |
edges
| busybus.js:9:30:9:33 | file | busybus.js:13:23:13:23 | z |
| busybus.js:9:30:9:33 | file | busybus.js:13:23:13:23 | z |
| busybus.js:9:36:9:39 | info | busybus.js:10:54:10:57 | info |
| busybus.js:9:36:9:39 | info | busybus.js:10:54:10:57 | info |
| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:21:10:28 | filename |
| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:31:10:38 | encoding |
| busybus.js:10:19:10:50 | { filen ... eType } | busybus.js:10:41:10:48 | mimeType |
| busybus.js:10:19:10:57 | encoding | busybus.js:12:28:12:35 | encoding |
| busybus.js:10:19:10:57 | encoding | busybus.js:12:28:12:35 | encoding |
| busybus.js:10:19:10:57 | filename | busybus.js:12:18:12:25 | filename |
| busybus.js:10:19:10:57 | filename | busybus.js:12:18:12:25 | filename |
| busybus.js:10:19:10:57 | mimeType | busybus.js:12:38:12:45 | mimeType |
| busybus.js:10:19:10:57 | mimeType | busybus.js:12:38:12:45 | mimeType |
| busybus.js:10:21:10:28 | filename | busybus.js:10:19:10:57 | filename |
| busybus.js:10:31:10:38 | encoding | busybus.js:10:19:10:57 | encoding |
| busybus.js:10:41:10:48 | mimeType | busybus.js:10:19:10:57 | mimeType |
| busybus.js:10:54:10:57 | info | busybus.js:10:19:10:50 | { filen ... eType } |
| busybus.js:13:23:13:23 | z | busybus.js:13:31:13:36 | sink() |
| busybus.js:13:23:13:23 | z | busybus.js:13:31:13:36 | sink() |
| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data |
| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data |
| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data |
| busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data |
| busybus.js:22:25:22:42 | data | busybus.js:23:26:23:29 | data |
| busybus.js:22:25:22:42 | data | busybus.js:23:26:23:29 | data |
| busybus.js:22:32:22:42 | this.read() | busybus.js:22:25:22:42 | data |
| busybus.js:22:32:22:42 | this.read() | busybus.js:22:25:22:42 | data |
| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name |
| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name |
| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name |
| busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name |
| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val |
| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val |
| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val |
| busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val |
| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info |
| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info |
| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info |
| busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() |
| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header |
| dicer.js:14:28:14:33 | header | dicer.js:16:22:16:27 | header |
| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] |
| dicer.js:16:22:16:27 | header | dicer.js:16:22:16:30 | header[h] |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data |
| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:12:7:17 | fields |
| formidable.js:7:11:7:25 | [fields, files] | formidable.js:7:20:7:24 | files |
| formidable.js:7:11:7:49 | fields | formidable.js:8:10:8:15 | fields |
| formidable.js:7:11:7:49 | fields | formidable.js:8:10:8:15 | fields |
| formidable.js:7:11:7:49 | files | formidable.js:8:18:8:22 | files |
| formidable.js:7:11:7:49 | files | formidable.js:8:18:8:22 | files |
| formidable.js:7:12:7:17 | fields | formidable.js:7:11:7:49 | fields |
| formidable.js:7:20:7:24 | files | formidable.js:7:11:7:49 | files |
| formidable.js:7:29:7:49 | await f ... se(req) | formidable.js:7:11:7:25 | [fields, files] |
| formidable.js:7:35:7:49 | form.parse(req) | formidable.js:7:29:7:49 | await f ... se(req) |
| formidable.js:7:35:7:49 | form.parse(req) | formidable.js:7:29:7:49 | await f ... se(req) |
| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname |
| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname |
| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname |
| formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname |
| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file |
| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file |
| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file |
| formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file |
| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname |
| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname |
| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname |
| formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname |
| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file |
| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file |
| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file |
| formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file |
| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName |
| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName |
| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName |
| formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName |
| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue |
| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue |
| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue |
| formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue |
| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part |
| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part |
| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part |
| multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part |
| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() |
| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() |
| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() |
| multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() |
| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields |
| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields |
| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields |
| multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields |
| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files |
| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files |
| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files |
| multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files |
#select
| busybus.js:12:18:12:25 | filename | busybus.js:9:36:9:39 | info | busybus.js:12:18:12:25 | filename | This entity depends on a $@. | busybus.js:9:36:9:39 | info | user-provided value |
| busybus.js:12:28:12:35 | encoding | busybus.js:9:36:9:39 | info | busybus.js:12:28:12:35 | encoding | This entity depends on a $@. | busybus.js:9:36:9:39 | info | user-provided value |
| busybus.js:12:38:12:45 | mimeType | busybus.js:9:36:9:39 | info | busybus.js:12:38:12:45 | mimeType | This entity depends on a $@. | busybus.js:9:36:9:39 | info | user-provided value |
| busybus.js:13:31:13:36 | sink() | busybus.js:9:30:9:33 | file | busybus.js:13:31:13:36 | sink() | This entity depends on a $@. | busybus.js:9:30:9:33 | file | user-provided value |
| busybus.js:16:22:16:25 | data | busybus.js:15:30:15:33 | data | busybus.js:16:22:16:25 | data | This entity depends on a $@. | busybus.js:15:30:15:33 | data | user-provided value |
| busybus.js:23:26:23:29 | data | busybus.js:22:32:22:42 | this.read() | busybus.js:23:26:23:29 | data | This entity depends on a $@. | busybus.js:22:32:22:42 | this.read() | user-provided value |
| busybus.js:28:18:28:21 | name | busybus.js:27:25:27:28 | name | busybus.js:28:18:28:21 | name | This entity depends on a $@. | busybus.js:27:25:27:28 | name | user-provided value |
| busybus.js:28:24:28:26 | val | busybus.js:27:31:27:33 | val | busybus.js:28:24:28:26 | val | This entity depends on a $@. | busybus.js:27:31:27:33 | val | user-provided value |
| busybus.js:28:29:28:32 | info | busybus.js:27:36:27:39 | info | busybus.js:28:29:28:32 | info | This entity depends on a $@. | busybus.js:27:36:27:39 | info | user-provided value |
| dicer.js:13:19:13:24 | sink() | dicer.js:12:23:12:26 | part | dicer.js:13:19:13:24 | sink() | This entity depends on a $@. | dicer.js:12:23:12:26 | part | user-provided value |
| dicer.js:16:22:16:30 | header[h] | dicer.js:14:28:14:33 | header | dicer.js:16:22:16:30 | header[h] | This entity depends on a $@. | dicer.js:14:28:14:33 | header | user-provided value |
| dicer.js:20:18:20:21 | data | dicer.js:19:26:19:29 | data | dicer.js:20:18:20:21 | data | This entity depends on a $@. | dicer.js:19:26:19:29 | data | user-provided value |
| formidable.js:8:10:8:15 | fields | formidable.js:7:35:7:49 | form.parse(req) | formidable.js:8:10:8:15 | fields | This entity depends on a $@. | formidable.js:7:35:7:49 | form.parse(req) | user-provided value |
| formidable.js:8:18:8:22 | files | formidable.js:7:35:7:49 | form.parse(req) | formidable.js:8:18:8:22 | files | This entity depends on a $@. | formidable.js:7:35:7:49 | form.parse(req) | user-provided value |
| formidable.js:10:14:10:21 | formname | formidable.js:9:27:9:34 | formname | formidable.js:10:14:10:21 | formname | This entity depends on a $@. | formidable.js:9:27:9:34 | formname | user-provided value |
| formidable.js:10:24:10:27 | file | formidable.js:9:37:9:40 | file | formidable.js:10:24:10:27 | file | This entity depends on a $@. | formidable.js:9:37:9:40 | file | user-provided value |
| formidable.js:13:14:13:21 | formname | formidable.js:12:22:12:29 | formname | formidable.js:13:14:13:21 | formname | This entity depends on a $@. | formidable.js:12:22:12:29 | formname | user-provided value |
| formidable.js:13:24:13:27 | file | formidable.js:12:32:12:35 | file | formidable.js:13:24:13:27 | file | This entity depends on a $@. | formidable.js:12:32:12:35 | file | user-provided value |
| formidable.js:16:14:16:22 | fieldName | formidable.js:15:23:15:31 | fieldName | formidable.js:16:14:16:22 | fieldName | This entity depends on a $@. | formidable.js:15:23:15:31 | fieldName | user-provided value |
| formidable.js:16:25:16:34 | fieldValue | formidable.js:15:34:15:43 | fieldValue | formidable.js:16:25:16:34 | fieldValue | This entity depends on a $@. | formidable.js:15:34:15:43 | fieldValue | user-provided value |
| multiparty.js:9:14:9:17 | part | multiparty.js:8:22:8:25 | part | multiparty.js:9:14:9:17 | part | This entity depends on a $@. | multiparty.js:8:22:8:25 | part | user-provided value |
| multiparty.js:10:19:10:24 | sink() | multiparty.js:8:22:8:25 | part | multiparty.js:10:19:10:24 | sink() | This entity depends on a $@. | multiparty.js:8:22:8:25 | part | user-provided value |
| multiparty.js:15:14:15:19 | fields | multiparty.js:14:37:14:42 | fields | multiparty.js:15:14:15:19 | fields | This entity depends on a $@. | multiparty.js:14:37:14:42 | fields | user-provided value |
| multiparty.js:15:22:15:26 | files | multiparty.js:14:45:14:49 | files | multiparty.js:15:22:15:26 | files | This entity depends on a $@. | multiparty.js:14:45:14:49 | files | user-provided value |

34
javascript/ql/test/experimental/FormParsers/RemoteFlowSource.ql Normal file
View File

@@ -0,0 +1,34 @@
/**
* @name Remote Form Flow Sources
* @description Using remote user controlled sources from Forms
* @kind path-problem
* @problem.severity error
* @security-severity 5
* @precision high
* @id js/remote-flow-source
* @tags correctness
* security
*/
import javascript
import DataFlow::PathGraph
import experimental.semmle.javascript.FormParsers
/**
* A taint-tracking configuration for test
*/
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "RemoteFlowSourcesOUserForm" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink = API::moduleImport("sink").getAParameter().asSink() or
sink = API::moduleImport("sink").getReturn().asSource()
}
}
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "This entity depends on a $@.", source.getNode(),
"user-provided value"

33
javascript/ql/test/experimental/FormParsers/busybus.js Normal file
View File

@@ -0,0 +1,33 @@
const http = require('http');
const zlib = require('node:zlib');
const busboy = require('busboy');
const sink = require('sink');
http.createServer((req, res) => {
if (req.method === 'POST') {
const bb = busboy({ headers: req.headers });
bb.on('file', (name, file, info) => {
const { filename, encoding, mimeType } = info;
const z = zlib.createGzip();
sink(filename, encoding, mimeType) // sink
file.pipe(z).pipe(sink())
file.on('data', (data) => {
sink(data)
})
file.on('readable', function () {
// There is some data to read now.
let data;
while ((data = this.read()) !== null) {
sink(data)
}
});
});
bb.on('field', (name, val, info) => {
sink(name, val, info)
});
}
}).listen(8000, () => {
console.log('Listening for requests');
});

25
javascript/ql/test/experimental/FormParsers/dicer.js Normal file
View File

@@ -0,0 +1,25 @@
const { inspect } = require('util');
const http = require('http');
const Dicer = require('dicer');
const sink = require('sink');
const PORT = 8080;
http.createServer((req, res) => {
let m;
const dicer = new Dicer({ boundary: m[1] || m[2] });
dicer.on('part', (part) => {
part.pipe(sink())
part.on('header', (header) => {
for (h in header) {
sink(header[h])
}
});
part.on('data', (data) => {
sink(data)
});
});
}).listen(PORT, () => {
console.log(`Listening for requests on port ${PORT}`);
});

22
javascript/ql/test/experimental/FormParsers/formidable.js Normal file
View File

@@ -0,0 +1,22 @@
import http from 'node:http';
import formidable from 'formidable';
const sink = require('sink');
const server = http.createServer(async (req, res) => {
const form = formidable({});
const [fields, files] = await form.parse(req);
sink(fields, files)
form.on('fileBegin', (formname, file) => {
sink(formname, file)
});
form.on('file', (formname, file) => {
sink(formname, file)
});
form.on('field', (fieldName, fieldValue) => {
sink(fieldName, fieldValue)
});
});
server.listen(8080, () => {
console.log('Server listening on http://localhost:8080/ ...');
});

19
javascript/ql/test/experimental/FormParsers/multiparty.js Normal file
View File

@@ -0,0 +1,19 @@
var multiparty = require('multiparty');
var http = require('http');
var util = require('util');
const sink = require('sink');
http.createServer(function (req, res) {
var form = new multiparty.Form();
form.on('part', (part) => {
sink(part)
part.pipe(sink())
});
var form2 = new multiparty.Form();
form2.parse(req, function (err, fields, files) {
sink(fields, files)
});
form2.parse(req);
}).listen(8080);

391
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected Normal file
View File

@@ -0,0 +1,391 @@
nodes
| adm-zip.js:13:13:13:21 | req.files |
| adm-zip.js:13:13:13:21 | req.files |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:17:18:17:24 | tarFile |
| adm-zip.js:24:22:24:28 | tarFile |
| adm-zip.js:24:22:24:33 | tarFile.data |
| adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:36:5:36:38 | admZip. ... , true) |
| adm-zip.js:36:5:36:38 | admZip. ... , true) |
| decompress.js:11:16:11:33 | req.query.filePath |
| decompress.js:11:16:11:33 | req.query.filePath |
| decompress.js:11:16:11:33 | req.query.filePath |
| jszip.js:12:13:12:21 | req.files |
| jszip.js:12:13:12:21 | req.files |
| jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:38 | req.fil ... le.data |
| jszip.js:32:18:32:24 | zipFile |
| jszip.js:33:22:33:28 | zipFile |
| jszip.js:33:22:33:33 | zipFile.data |
| jszip.js:33:22:33:33 | zipFile.data |
| node-tar.js:15:13:15:21 | req.files |
| node-tar.js:15:13:15:21 | req.files |
| node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:38 | req.fil ... le.data |
| node-tar.js:19:18:19:24 | tarFile |
| node-tar.js:21:23:21:49 | Readabl ... e.data) |
| node-tar.js:21:37:21:43 | tarFile |
| node-tar.js:21:37:21:48 | tarFile.data |
| node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) |
| node-tar.js:29:25:29:31 | tarFile |
| node-tar.js:29:25:29:36 | tarFile.name |
| node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) |
| node-tar.js:45:25:45:31 | tarFile |
| node-tar.js:45:25:45:36 | tarFile.name |
| node-tar.js:46:9:46:20 | decompressor |
| node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:58:19:58:25 | tarFile |
| node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile |
| node-tar.js:59:25:59:36 | tarFile.name |
| node-tar.js:59:25:59:36 | tarFile.name |
| pako.js:12:14:12:22 | req.files |
| pako.js:12:14:12:22 | req.files |
| pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:39 | req.fil ... le.data |
| pako.js:13:14:13:22 | req.files |
| pako.js:13:14:13:22 | req.files |
| pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:39 | req.fil ... le.data |
| pako.js:17:19:17:25 | zipFile |
| pako.js:18:11:18:68 | myArray |
| pako.js:18:21:18:68 | Buffer. ... uffer)) |
| pako.js:18:33:18:67 | new Uin ... buffer) |
| pako.js:18:48:18:54 | zipFile |
| pako.js:18:48:18:59 | zipFile.data |
| pako.js:18:48:18:66 | zipFile.data.buffer |
| pako.js:21:31:21:37 | myArray |
| pako.js:21:31:21:37 | myArray |
| pako.js:28:19:28:25 | zipFile |
| pako.js:29:11:29:62 | myArray |
| pako.js:29:21:29:55 | new Uin ... buffer) |
| pako.js:29:21:29:62 | new Uin ... .buffer |
| pako.js:29:36:29:42 | zipFile |
| pako.js:29:36:29:47 | zipFile.data |
| pako.js:29:36:29:54 | zipFile.data.buffer |
| pako.js:32:31:32:37 | myArray |
| pako.js:32:31:32:37 | myArray |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unbzip2.js:12:25:12:42 | req.query.FilePath |
| unbzip2.js:12:25:12:42 | req.query.FilePath |
| unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:50:12:54 | bz2() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) |
| unzipper.js:13:40:13:48 | req.files |
| unzipper.js:13:40:13:48 | req.files |
| unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:61 | req.fil ... le.data |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:73:23:73:38 | unzipper.Parse() |
| yauzl.js:12:18:12:26 | req.files |
| yauzl.js:12:18:12:26 | req.files |
| yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:13:22:13:30 | req.files |
| yauzl.js:13:22:13:30 | req.files |
| yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:14:34:14:42 | req.files |
| yauzl.js:14:34:14:42 | req.files |
| yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:37:16:37:33 | req.query.filePath |
| yauzl.js:37:16:37:33 | req.query.filePath |
| yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:41:64:41:73 | readStream |
| yauzl.js:41:64:41:73 | readStream |
| yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:43:21:43:39 | zipfile.readEntry() |
| zlib.js:15:19:15:27 | req.files |
| zlib.js:15:19:15:27 | req.files |
| zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:44 | req.fil ... le.data |
| zlib.js:17:18:17:26 | req.files |
| zlib.js:17:18:17:26 | req.files |
| zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:43 | req.fil ... le.data |
| zlib.js:19:24:19:32 | req.files |
| zlib.js:19:24:19:32 | req.files |
| zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:49 | req.fil ... le.data |
| zlib.js:21:32:21:40 | req.files |
| zlib.js:21:32:21:40 | req.files |
| zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:57 | req.fil ... le.data |
| zlib.js:27:24:27:30 | zipFile |
| zlib.js:29:9:29:15 | zipFile |
| zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile |
| zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile |
| zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:62:23:62:29 | zipFile |
| zlib.js:63:21:63:27 | zipFile |
| zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile |
| zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile |
| zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:74:29:74:35 | zipFile |
| zlib.js:75:25:75:51 | Readabl ... e.data) |
| zlib.js:75:39:75:45 | zipFile |
| zlib.js:75:39:75:50 | zipFile.data |
| zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:82:43:82:49 | zipFile |
| zlib.js:83:11:83:51 | inputStream |
| zlib.js:83:25:83:51 | Readabl ... e.data) |
| zlib.js:83:39:83:45 | zipFile |
| zlib.js:83:39:83:50 | zipFile.data |
| zlib.js:86:9:86:19 | inputStream |
| zlib.js:87:9:87:27 | zlib.createGunzip() |
| zlib.js:87:9:87:27 | zlib.createGunzip() |
edges
| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:13:13:13:21 | req.files | adm-zip.js:13:13:13:33 | req.fil ... ombFile |
| adm-zip.js:13:13:13:33 | req.fil ... ombFile | adm-zip.js:17:18:17:24 | tarFile |
| adm-zip.js:17:18:17:24 | tarFile | adm-zip.js:24:22:24:28 | tarFile |
| adm-zip.js:24:22:24:28 | tarFile | adm-zip.js:24:22:24:33 | tarFile.data |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:28:25:28:42 | zipEntry.getData() |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:32:17:32:41 | admZip. ... "10GB") |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:34:5:34:55 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) |
| adm-zip.js:24:22:24:33 | tarFile.data | adm-zip.js:36:5:36:38 | admZip. ... , true) |
| decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath |
| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:21 | req.files | jszip.js:12:13:12:33 | req.fil ... ombFile |
| jszip.js:12:13:12:33 | req.fil ... ombFile | jszip.js:12:13:12:38 | req.fil ... le.data |
| jszip.js:12:13:12:38 | req.fil ... le.data | jszip.js:32:18:32:24 | zipFile |
| jszip.js:32:18:32:24 | zipFile | jszip.js:33:22:33:28 | zipFile |
| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data |
| jszip.js:33:22:33:28 | zipFile | jszip.js:33:22:33:33 | zipFile.data |
| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:21 | req.files | node-tar.js:15:13:15:33 | req.fil ... ombFile |
| node-tar.js:15:13:15:33 | req.fil ... ombFile | node-tar.js:15:13:15:38 | req.fil ... le.data |
| node-tar.js:15:13:15:38 | req.fil ... le.data | node-tar.js:19:18:19:24 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:21:37:21:43 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:29:25:29:31 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:45:25:45:31 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:58:19:58:25 | tarFile |
| node-tar.js:19:18:19:24 | tarFile | node-tar.js:59:25:59:31 | tarFile |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:21:23:21:49 | Readabl ... e.data) | node-tar.js:24:9:24:15 | tar.x() |
| node-tar.js:21:37:21:43 | tarFile | node-tar.js:21:37:21:48 | tarFile.data |
| node-tar.js:21:37:21:48 | tarFile.data | node-tar.js:21:23:21:49 | Readabl ... e.data) |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:29:5:29:37 | fs.crea ... e.name) | node-tar.js:30:9:33:10 | tar.x({ ... }) |
| node-tar.js:29:25:29:31 | tarFile | node-tar.js:29:25:29:36 | tarFile.name |
| node-tar.js:29:25:29:36 | tarFile.name | node-tar.js:29:5:29:37 | fs.crea ... e.name) |
| node-tar.js:45:5:45:37 | fs.crea ... e.name) | node-tar.js:46:9:46:20 | decompressor |
| node-tar.js:45:25:45:31 | tarFile | node-tar.js:45:25:45:36 | tarFile.name |
| node-tar.js:45:25:45:36 | tarFile.name | node-tar.js:45:5:45:37 | fs.crea ... e.name) |
| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:46:9:46:20 | decompressor | node-tar.js:48:9:50:10 | tar.x({ ... }) |
| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:58:19:58:25 | tarFile | node-tar.js:58:19:58:30 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name |
| node-tar.js:59:25:59:31 | tarFile | node-tar.js:59:25:59:36 | tarFile.name |
| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:22 | req.files | pako.js:12:14:12:34 | req.fil ... ombFile |
| pako.js:12:14:12:34 | req.fil ... ombFile | pako.js:12:14:12:39 | req.fil ... le.data |
| pako.js:12:14:12:39 | req.fil ... le.data | pako.js:17:19:17:25 | zipFile |
| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:22 | req.files | pako.js:13:14:13:34 | req.fil ... ombFile |
| pako.js:13:14:13:34 | req.fil ... ombFile | pako.js:13:14:13:39 | req.fil ... le.data |
| pako.js:13:14:13:39 | req.fil ... le.data | pako.js:28:19:28:25 | zipFile |
| pako.js:17:19:17:25 | zipFile | pako.js:18:48:18:54 | zipFile |
| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray |
| pako.js:18:11:18:68 | myArray | pako.js:21:31:21:37 | myArray |
| pako.js:18:21:18:68 | Buffer. ... uffer)) | pako.js:18:11:18:68 | myArray |
| pako.js:18:33:18:67 | new Uin ... buffer) | pako.js:18:21:18:68 | Buffer. ... uffer)) |
| pako.js:18:48:18:54 | zipFile | pako.js:18:48:18:59 | zipFile.data |
| pako.js:18:48:18:59 | zipFile.data | pako.js:18:48:18:66 | zipFile.data.buffer |
| pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) |
| pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile |
| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray |
| pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray |
| pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:21:29:62 | new Uin ... .buffer |
| pako.js:29:21:29:62 | new Uin ... .buffer | pako.js:29:11:29:62 | myArray |
| pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:47 | zipFile.data |
| pako.js:29:36:29:47 | zipFile.data | pako.js:29:36:29:54 | zipFile.data.buffer |
| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() |
| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:19:23:19:41 | unzipper.ParseOne() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:24:15:24:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:34:15:34:30 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:41:35:41:71 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:51:36:51:72 | unzippe ... true }) |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:60:23:60:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:73:23:73:38 | unzipper.Parse() |
| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:48 | req.files | unzipper.js:13:40:13:56 | req.files.ZipFile |
| unzipper.js:13:40:13:56 | req.files.ZipFile | unzipper.js:13:40:13:61 | req.fil ... le.data |
| unzipper.js:13:40:13:61 | req.fil ... le.data | unzipper.js:13:26:13:62 | Readabl ... e.data) |
| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:34 | req.files.zipFile |
| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:12:18:12:34 | req.files.zipFile | yauzl.js:12:18:12:39 | req.fil ... le.data |
| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:38 | req.files.zipFile |
| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:13:22:13:38 | req.files.zipFile | yauzl.js:13:22:13:43 | req.fil ... le.data |
| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:50 | req.files.zipFile |
| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:14:34:14:50 | req.files.zipFile | yauzl.js:14:34:14:55 | req.fil ... le.data |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() |
| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:27 | req.files | zlib.js:15:19:15:39 | req.fil ... ombFile |
| zlib.js:15:19:15:39 | req.fil ... ombFile | zlib.js:15:19:15:44 | req.fil ... le.data |
| zlib.js:15:19:15:44 | req.fil ... le.data | zlib.js:27:24:27:30 | zipFile |
| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:26 | req.files | zlib.js:17:18:17:38 | req.fil ... ombFile |
| zlib.js:17:18:17:38 | req.fil ... ombFile | zlib.js:17:18:17:43 | req.fil ... le.data |
| zlib.js:17:18:17:43 | req.fil ... le.data | zlib.js:62:23:62:29 | zipFile |
| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:32 | req.files | zlib.js:19:24:19:44 | req.fil ... ombFile |
| zlib.js:19:24:19:44 | req.fil ... ombFile | zlib.js:19:24:19:49 | req.fil ... le.data |
| zlib.js:19:24:19:49 | req.fil ... le.data | zlib.js:74:29:74:35 | zipFile |
| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:40 | req.files | zlib.js:21:32:21:52 | req.fil ... ombFile |
| zlib.js:21:32:21:52 | req.fil ... ombFile | zlib.js:21:32:21:57 | req.fil ... le.data |
| zlib.js:21:32:21:57 | req.fil ... le.data | zlib.js:82:43:82:49 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:29:9:29:15 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:33:9:33:15 | zipFile |
| zlib.js:27:24:27:30 | zipFile | zlib.js:38:9:38:15 | zipFile |
| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:29:9:29:15 | zipFile | zlib.js:29:9:29:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:33:9:33:15 | zipFile | zlib.js:33:9:33:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:38:9:38:15 | zipFile | zlib.js:38:9:38:20 | zipFile.data |
| zlib.js:62:23:62:29 | zipFile | zlib.js:63:21:63:27 | zipFile |
| zlib.js:62:23:62:29 | zipFile | zlib.js:64:20:64:26 | zipFile |
| zlib.js:62:23:62:29 | zipFile | zlib.js:65:31:65:37 | zipFile |
| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:63:21:63:27 | zipFile | zlib.js:63:21:63:32 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:64:20:64:26 | zipFile | zlib.js:64:20:64:31 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:65:31:65:37 | zipFile | zlib.js:65:31:65:42 | zipFile.data |
| zlib.js:74:29:74:35 | zipFile | zlib.js:75:39:75:45 | zipFile |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:77:22:77:40 | zlib.createGunzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:78:22:78:39 | zlib.createUnzip() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:75:25:75:51 | Readabl ... e.data) | zlib.js:79:22:79:50 | zlib.cr ... press() |
| zlib.js:75:39:75:45 | zipFile | zlib.js:75:39:75:50 | zipFile.data |
| zlib.js:75:39:75:50 | zipFile.data | zlib.js:75:25:75:51 | Readabl ... e.data) |
| zlib.js:82:43:82:49 | zipFile | zlib.js:83:39:83:45 | zipFile |
| zlib.js:83:11:83:51 | inputStream | zlib.js:86:9:86:19 | inputStream |
| zlib.js:83:25:83:51 | Readabl ... e.data) | zlib.js:83:11:83:51 | inputStream |
| zlib.js:83:39:83:45 | zipFile | zlib.js:83:39:83:50 | zipFile.data |
| zlib.js:83:39:83:50 | zipFile.data | zlib.js:83:25:83:51 | Readabl ... e.data) |
| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() |
| zlib.js:86:9:86:19 | inputStream | zlib.js:87:9:87:27 | zlib.createGunzip() |
#select
| adm-zip.js:28:25:28:42 | zipEntry.getData() | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:28:25:28:42 | zipEntry.getData() | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |
| adm-zip.js:32:17:32:41 | admZip. ... "10GB") | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:32:17:32:41 | admZip. ... "10GB") | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |
| adm-zip.js:34:5:34:55 | admZip. ... , true) | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:34:5:34:55 | admZip. ... , true) | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |
| adm-zip.js:36:5:36:38 | admZip. ... , true) | adm-zip.js:13:13:13:21 | req.files | adm-zip.js:36:5:36:38 | admZip. ... , true) | This Decompression depends on a $@. | adm-zip.js:13:13:13:21 | req.files | potentially untrusted source |
| decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath | decompress.js:11:16:11:33 | req.query.filePath | This Decompression depends on a $@. | decompress.js:11:16:11:33 | req.query.filePath | potentially untrusted source |
| jszip.js:33:22:33:33 | zipFile.data | jszip.js:12:13:12:21 | req.files | jszip.js:33:22:33:33 | zipFile.data | This Decompression depends on a $@. | jszip.js:12:13:12:21 | req.files | potentially untrusted source |
| node-tar.js:24:9:24:15 | tar.x() | node-tar.js:15:13:15:21 | req.files | node-tar.js:24:9:24:15 | tar.x() | This Decompression depends on a $@. | node-tar.js:15:13:15:21 | req.files | potentially untrusted source |
| node-tar.js:30:9:33:10 | tar.x({ ... }) | node-tar.js:15:13:15:21 | req.files | node-tar.js:30:9:33:10 | tar.x({ ... }) | This Decompression depends on a $@. | node-tar.js:15:13:15:21 | req.files | potentially untrusted source |
| node-tar.js:48:9:50:10 | tar.x({ ... }) | node-tar.js:15:13:15:21 | req.files | node-tar.js:48:9:50:10 | tar.x({ ... }) | This Decompression depends on a $@. | node-tar.js:15:13:15:21 | req.files | potentially untrusted source |
| node-tar.js:58:19:58:30 | tarFile.name | node-tar.js:15:13:15:21 | req.files | node-tar.js:58:19:58:30 | tarFile.name | This Decompression depends on a $@. | node-tar.js:15:13:15:21 | req.files | potentially untrusted source |
| node-tar.js:59:25:59:36 | tarFile.name | node-tar.js:15:13:15:21 | req.files | node-tar.js:59:25:59:36 | tarFile.name | This Decompression depends on a $@. | node-tar.js:15:13:15:21 | req.files | potentially untrusted source |
| pako.js:21:31:21:37 | myArray | pako.js:12:14:12:22 | req.files | pako.js:21:31:21:37 | myArray | This Decompression depends on a $@. | pako.js:12:14:12:22 | req.files | potentially untrusted source |
| pako.js:32:31:32:37 | myArray | pako.js:13:14:13:22 | req.files | pako.js:32:31:32:37 | myArray | This Decompression depends on a $@. | pako.js:13:14:13:22 | req.files | potentially untrusted source |
| unbzip2.js:12:50:12:54 | bz2() | unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:50:12:54 | bz2() | This Decompression depends on a $@. | unbzip2.js:12:25:12:42 | req.query.FilePath | potentially untrusted source |
| unzipper.js:16:23:16:63 | unzippe ... ath' }) | unzipper.js:13:40:13:48 | req.files | unzipper.js:16:23:16:63 | unzippe ... ath' }) | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:19:23:19:41 | unzipper.ParseOne() | unzipper.js:13:40:13:48 | req.files | unzipper.js:19:23:19:41 | unzipper.ParseOne() | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:24:15:24:30 | unzipper.Parse() | unzipper.js:13:40:13:48 | req.files | unzipper.js:24:15:24:30 | unzipper.Parse() | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:34:15:34:30 | unzipper.Parse() | unzipper.js:13:40:13:48 | req.files | unzipper.js:34:15:34:30 | unzipper.Parse() | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:41:35:41:71 | unzippe ... true }) | unzipper.js:13:40:13:48 | req.files | unzipper.js:41:35:41:71 | unzippe ... true }) | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:51:36:51:72 | unzippe ... true }) | unzipper.js:13:40:13:48 | req.files | unzipper.js:51:36:51:72 | unzippe ... true }) | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:60:23:60:38 | unzipper.Parse() | unzipper.js:13:40:13:48 | req.files | unzipper.js:60:23:60:38 | unzipper.Parse() | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| unzipper.js:73:23:73:38 | unzipper.Parse() | unzipper.js:13:40:13:48 | req.files | unzipper.js:73:23:73:38 | unzipper.Parse() | This Decompression depends on a $@. | unzipper.js:13:40:13:48 | req.files | potentially untrusted source |
| yauzl.js:12:18:12:39 | req.fil ... le.data | yauzl.js:12:18:12:26 | req.files | yauzl.js:12:18:12:39 | req.fil ... le.data | This Decompression depends on a $@. | yauzl.js:12:18:12:26 | req.files | potentially untrusted source |
| yauzl.js:13:22:13:43 | req.fil ... le.data | yauzl.js:13:22:13:30 | req.files | yauzl.js:13:22:13:43 | req.fil ... le.data | This Decompression depends on a $@. | yauzl.js:13:22:13:30 | req.files | potentially untrusted source |
| yauzl.js:14:34:14:55 | req.fil ... le.data | yauzl.js:14:34:14:42 | req.files | yauzl.js:14:34:14:55 | req.fil ... le.data | This Decompression depends on a $@. | yauzl.js:14:34:14:42 | req.files | potentially untrusted source |
| yauzl.js:39:9:39:27 | zipfile.readEntry() | yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:39:9:39:27 | zipfile.readEntry() | This Decompression depends on a $@. | yauzl.js:37:16:37:33 | req.query.filePath | potentially untrusted source |
| yauzl.js:41:64:41:73 | readStream | yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:41:64:41:73 | readStream | This Decompression depends on a $@. | yauzl.js:37:16:37:33 | req.query.filePath | potentially untrusted source |
| yauzl.js:43:21:43:39 | zipfile.readEntry() | yauzl.js:37:16:37:33 | req.query.filePath | yauzl.js:43:21:43:39 | zipfile.readEntry() | This Decompression depends on a $@. | yauzl.js:37:16:37:33 | req.query.filePath | potentially untrusted source |
| zlib.js:29:9:29:20 | zipFile.data | zlib.js:15:19:15:27 | req.files | zlib.js:29:9:29:20 | zipFile.data | This Decompression depends on a $@. | zlib.js:15:19:15:27 | req.files | potentially untrusted source |
| zlib.js:33:9:33:20 | zipFile.data | zlib.js:15:19:15:27 | req.files | zlib.js:33:9:33:20 | zipFile.data | This Decompression depends on a $@. | zlib.js:15:19:15:27 | req.files | potentially untrusted source |
| zlib.js:38:9:38:20 | zipFile.data | zlib.js:15:19:15:27 | req.files | zlib.js:38:9:38:20 | zipFile.data | This Decompression depends on a $@. | zlib.js:15:19:15:27 | req.files | potentially untrusted source |
| zlib.js:63:21:63:32 | zipFile.data | zlib.js:17:18:17:26 | req.files | zlib.js:63:21:63:32 | zipFile.data | This Decompression depends on a $@. | zlib.js:17:18:17:26 | req.files | potentially untrusted source |
| zlib.js:64:20:64:31 | zipFile.data | zlib.js:17:18:17:26 | req.files | zlib.js:64:20:64:31 | zipFile.data | This Decompression depends on a $@. | zlib.js:17:18:17:26 | req.files | potentially untrusted source |
| zlib.js:65:31:65:42 | zipFile.data | zlib.js:17:18:17:26 | req.files | zlib.js:65:31:65:42 | zipFile.data | This Decompression depends on a $@. | zlib.js:17:18:17:26 | req.files | potentially untrusted source |
| zlib.js:77:22:77:40 | zlib.createGunzip() | zlib.js:19:24:19:32 | req.files | zlib.js:77:22:77:40 | zlib.createGunzip() | This Decompression depends on a $@. | zlib.js:19:24:19:32 | req.files | potentially untrusted source |
| zlib.js:78:22:78:39 | zlib.createUnzip() | zlib.js:19:24:19:32 | req.files | zlib.js:78:22:78:39 | zlib.createUnzip() | This Decompression depends on a $@. | zlib.js:19:24:19:32 | req.files | potentially untrusted source |
| zlib.js:79:22:79:50 | zlib.cr ... press() | zlib.js:19:24:19:32 | req.files | zlib.js:79:22:79:50 | zlib.cr ... press() | This Decompression depends on a $@. | zlib.js:19:24:19:32 | req.files | potentially untrusted source |
| zlib.js:87:9:87:27 | zlib.createGunzip() | zlib.js:21:32:21:40 | req.files | zlib.js:87:9:87:27 | zlib.createGunzip() | This Decompression depends on a $@. | zlib.js:21:32:21:40 | req.files | potentially untrusted source |

1
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql

37
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/adm-zip.js Normal file
View File

@@ -0,0 +1,37 @@
const AdmZip = require("adm-zip");
const express = require('express')
const fileUpload = require("express-fileupload");
const fs = require("fs");
const app = express();
const port = 3000;
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', (req, res) => {
zipBomb(req.files.zipBombFile)
res.send('Hello World!')
});
function zipBomb(tarFile) {
fs.writeFileSync(tarFile.name, tarFile.data);
// or using fs.writeFile
// file path is a tmp file name that can get from DB after saving to DB with remote file upload
// so the input file name will come from a DB source
const admZip
= new AdmZip(tarFile.data);
const zipEntries = admZip.getEntries();
zipEntries.forEach(function (zipEntry) {
if (zipEntry.entryName === "my_file.txt") {
console.log(zipEntry.getData().toString("utf8"));
}
});
// outputs the content of file named 10GB
console.log(admZip.readAsText("10GB"));
// extracts the specified file to the specified location
admZip.extractEntryTo("10GB", "/tmp/", false, true);
// extracts everything
admZip.extractAllTo("./tmp", true);
}

16
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/decompress.js Normal file
View File

@@ -0,0 +1,16 @@
const decompress = require('decompress');
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
decompress(req.query.filePath, 'dist').then(files => {
console.log('done!');
});
res.send("OK")
});

63
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/fflate.js Normal file
View File

@@ -0,0 +1,63 @@
const fflate = require('fflate');
const express = require('express')
const fileUpload = require("express-fileupload");
const { writeFileSync } = require("fs");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
// NOT OK
fflate.unzlibSync(new Uint8Array(req.files.CompressedFile.data));
fflate.unzip(new Uint8Array(new Uint8Array(req.files.CompressedFile.data)));
fflate.unzlib(new Uint8Array(req.files.CompressedFile.data));
fflate.unzlibSync(new Uint8Array(req.files.CompressedFile.data));
fflate.gunzip(new Uint8Array(req.files.CompressedFile.data));
fflate.gunzipSync(new Uint8Array(req.files.CompressedFile.data));
fflate.decompress(new Uint8Array(req.files.CompressedFile.data));
fflate.decompressSync(new Uint8Array(req.files.CompressedFile.data));
// OK
fflate.unzlibSync(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.unzip(new Uint8Array(new Uint8Array(req.files.CompressedFile.data)), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.unzlib(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.unzlibSync(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.gunzip(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.gunzipSync(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.decompress(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
fflate.decompressSync(new Uint8Array(req.files.CompressedFile.data), {
filter(file) {
return file.originalSize <= 1_000_000;
}
});
});

14
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/gunzip-maybe.js Normal file
View File

@@ -0,0 +1,14 @@
const gunzipmaybe = require("gunzip-maybe");
const express = require('express')
const fileUpload = require("express-fileupload");
const { Readable } = require('stream');
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
// Unsafe
const RemoteStream = Readable.from(req.files.ZipFile.data);
RemoteStream.pipe(gunzipmaybe).createWriteStream("tmp")
});

44
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/jszip.js Normal file
View File

@@ -0,0 +1,44 @@
const jszipp = require("jszip");
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
const port = 3000;
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', (req, res) => {
zipBomb(req.files.zipBombFile.data)
zipBombSafe(req.files.zipBombFile.data)
res.send("OK")
});
function zipBombSafe(zipFile) {
jszipp.loadAsync(zipFile.data).then(function (zip) {
if (zip.file("10GB")["_data"]["uncompressedSize"] > 1024 * 1024 * 8) {
console.log("error")
return
}
zip.files["10GB"].async("uint8array").then(function (u8) {
console.log(u8);
});
zip.file("10GB").async("uint8array").then(function (u8) {
console.log(u8);
});
});
}
function zipBomb(zipFile) {
jszipp.loadAsync(zipFile.data).then(function (zip) {
zip.files["10GB"].async("uint8array").then(function (u8) {
console.log(u8);
});
zip.file("10GB").async("uint8array").then(function (u8) {
console.log(u8);
});
});
}
module.exports = { localZipLoad };

67
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/node-tar.js Normal file
View File

@@ -0,0 +1,67 @@
const tar = require("tar");
const express = require('express')
const fileUpload = require("express-fileupload");
const { Readable, writeFileSync } = require("stream");
const fs = require("fs");
const { createGunzip } = require("zlib");
const app = express();
const port = 3000;
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', (req, res) => {
zipBomb(req.files.zipBombFile.data)
res.send('Hello World!')
});
function zipBomb(tarFile) {
// scenario 1
const inputFile = Readable.from(tarFile.data);
const outputFile = fs.createWriteStream('/tmp/untar');
inputFile.pipe(
tar.x()
).pipe(outputFile);
// scenario 2
fs.writeFileSync(tarFile.name, tarFile.data);
fs.createReadStream(tarFile.name).pipe(
tar.x({
strip: 1,
C: 'some-dir'
})
)
// safe https://github.com/isaacs/node-tar/blob/8c5af15e43a769fd24aa7f1c84d93e54824d19d2/lib/list.js#L90
fs.createReadStream(tarFile.name).pipe(
tar.x({
strip: 1,
C: 'some-dir',
maxReadSize: 16 * 1024 * 1024 // 16 MB
})
)
// scenario 3
const decompressor = createGunzip();
fs.createReadStream(tarFile.name).pipe(
decompressor
).pipe(
tar.x({
cwd: "dest"
})
)
// scenario 4
fs.writeFileSync(tarFile.name, tarFile.data);
// or using fs.writeFile
// file path is a tmp file name that can get from DB after saving to DB with remote file upload
// so the input file name will come from a DB source
tar.x({ file: tarFile.name })
tar.extract({ file: tarFile.name })
// safe https://github.com/isaacs/node-tar/blob/8c5af15e43a769fd24aa7f1c84d93e54824d19d2/lib/list.js#L90
tar.x({
file: tarFile.name,
strip: 1,
C: 'some-dir',
maxReadSize: 16 * 1024 * 1024 // 16 MB
})
}

37
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/pako.js Normal file
View File

@@ -0,0 +1,37 @@
const pako = require('pako');
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
const port = 3000;
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', (req, res) => {
zipBomb1(req.files.zipBombFile.data);
zipBomb2(req.files.zipBombFile.data);
res.send('Hello World!');
});
function zipBomb1(zipFile) {
const myArray = Buffer.from(new Uint8Array(zipFile.data.buffer));
let output;
try {
output = pako.inflate(myArray);
console.log(output);
} catch (err) {
console.log(err);
}
}
function zipBomb2(zipFile) {
const myArray = new Uint8Array(zipFile.data.buffer).buffer;
let output;
try {
output = pako.inflate(myArray);
console.log(output);
} catch (err) {
console.log(err);
}
}

13
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/unbzip2.js Normal file
View File

@@ -0,0 +1,13 @@
var bz2 = require('unbzip2-stream');
var fs = require('fs');
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
fs.createReadStream(req.query.FilePath).pipe(bz2()).pipe(process.stdout);
});

26
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/unzip.js Normal file
View File

@@ -0,0 +1,26 @@
const unzip = require("unzip");
const { createWriteStream } = require("fs");
const express = require('express')
const fileUpload = require("express-fileupload");
const { Readable } = require("stream");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
const InputStream = Readable.from(req.files.ZipFile.data);
InputStream.pipe(unzip.Parse())
.on('entry', function (entry) {
if (entry.uncompressedSize > 1024) {
throw "uncompressed size exceed"
}
});
let writeStream = createWriteStream('output/path');
InputStream
.pipe(unzip.Parse())
.pipe(writeStream)
});

106
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/unzipper.js Normal file
View File

@@ -0,0 +1,106 @@
const unzipper = require("unzipper");
const express = require('express')
const fileUpload = require("express-fileupload");
const { Readable } = require('stream');
const { createWriteStream, readFileSync } = require("fs");
const stream = require("node:stream");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
const RemoteStream = Readable.from(req.files.ZipFile.data);
// Unsafe
RemoteStream.pipe(unzipper.Extract({ path: 'output/path' }));
// Unsafe
RemoteStream.pipe(unzipper.ParseOne())
.pipe(createWriteStream('firstFile.txt'));
// Safe because of uncompressedSize
RemoteStream
.pipe(unzipper.Parse())
.on('entry', function (entry) {
const size = entry.vars.uncompressedSize;
if (size < 1024 * 1024 * 1024) {
entry.pipe(createWriteStream('output/path'));
}
});
// Unsafe
RemoteStream
.pipe(unzipper.Parse())
.on('entry', function (entry) {
const size = entry.vars.uncompressedSize;
entry.pipe(createWriteStream('output/path'));
});
// Unsafe
const zip = RemoteStream.pipe(unzipper.Parse({ forceStream: true }));
for await (const entry of zip) {
const fileName = entry.path;
if (fileName === "this IS the file I'm looking for") {
entry.pipe(createWriteStream('output/path'));
} else {
entry.autodrain();
}
}
// Safe
const zip2 = RemoteStream.pipe(unzipper.Parse({ forceStream: true }));
for await (const entry of zip2) {
const size = entry.vars.uncompressedSize;
if (size < 1024 * 1024 * 1024) {
entry.pipe(createWriteStream('output/path'));
}
}
// Safe because of uncompressedSize
RemoteStream.pipe(unzipper.Parse())
.pipe(stream.Transform({
objectMode: true,
transform: function (entry, e, cb) {
const size = entry.vars.uncompressedSize; // There is also compressedSize;
if (size < 1024 * 1024 * 1024) {
entry.pipe(createWriteStream('output/path'))
.on('finish', cb);
}
}
}));
// Unsafe
RemoteStream.pipe(unzipper.Parse())
.pipe(stream.Transform({
objectMode: true,
transform: function (entry, e, cb) {
entry.pipe(createWriteStream('output/path'))
.on('finish', cb);
}
}));
let directory = await unzipper.Open.file('path/to/archive.zip');
new Promise((resolve, reject) => {
directory.files[0]
.stream()
.pipe(fs.createWriteStream('firstFile'))
.on('error', reject)
.on('finish', resolve)
});
const request = require('request');
// Unsafe
directory = await unzipper.Open.url(request, 'http://example.com/example.zip');
const file = directory.files.find(d => d.path === 'example.xml');
await file.buffer();
// Unsafe
const buffer = readFileSync(request.query.FilePath);
directory = await unzipper.Open.buffer(buffer);
directory.files[0].buffer();
// Unsafe
unzipper.Open.file(request.query.FilePath)
.then(d => d.extract({ path: '/extraction/path', concurrency: 5 }));
});

54
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/yauzl.js Normal file
View File

@@ -0,0 +1,54 @@
const { pipeline } = require('stream/promises');
const yauzl = require("yauzl");
const fs = require("fs");
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', (req, res) => {
yauzl.fromFd(req.files.zipFile.data)
yauzl.fromBuffer(req.files.zipFile.data)
yauzl.fromRandomAccessReader(req.files.zipFile.data)
// Safe
yauzl.open(req.query.filePath, { lazyEntries: true }, function (err, zipfile) {
if (err) throw err;
zipfile.readEntry();
zipfile.on("entry", function (entry) {
zipfile.openReadStream(entry, async function (err, readStream) {
if (err) throw err;
if (entry.uncompressedSize > 1024 * 1024 * 1024) {
throw err
}
readStream.on("end", function () {
zipfile.readEntry();
});
const outputFile = fs.createWriteStream('testiness');
await pipeline(
readStream,
outputFile
)
});
});
});
// Unsafe
yauzl.open(req.query.filePath, { lazyEntries: true }, function (err, zipfile) {
if (err) throw err;
zipfile.readEntry();
zipfile.on("entry", function (entry) {
zipfile.openReadStream(entry, async function (err, readStream) {
readStream.on("end", function () {
zipfile.readEntry();
});
const outputFile = fs.createWriteStream('testiness');
await pipeline(
readStream,
outputFile
)
});
});
});
res.send("OK")
});

98
javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/zlib.js Normal file
View File

@@ -0,0 +1,98 @@
const fs = require("fs");
const zlib = require("node:zlib");
const { Readable } = require('stream');
const express = require('express');
const fileUpload = require("express-fileupload");
const app = express();
const port = 3000;
const stream = require('stream/promises');
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', async (req, res) => {
zlibBombAsync(req.files.zipBombFile.data)
zlibBombAsyncSafe(req.files.zipBombFile.data);
zlibBombSync(req.files.zipBombFile.data)
zlibBombSyncSafe(req.files.zipBombFile.data)
zlibBombPipeStream(req.files.zipBombFile.data)
zlibBombPipeStreamSafe(req.files.zipBombFile.data)
zlibBombPipeStreamPromises(req.files.zipBombFile.data).then(r =>
console.log("sone"));
res.send('Hello World!')
});
function zlibBombAsync(zipFile) {
zlib.gunzip(
zipFile.data,
(err, buffer) => {
});
zlib.unzip(
zipFile.data,
(err, buffer) => {
});
zlib.brotliDecompress(
zipFile.data,
(err, buffer) => {
});
}
function zlibBombAsyncSafe(zipFile) {
zlib.gunzip(
zipFile.data,
{ maxOutputLength: 1024 * 1024 * 5 },
(err, buffer) => {
});
zlib.unzip(
zipFile.data,
{ maxOutputLength: 1024 * 1024 * 5 },
(err, buffer) => {
});
zlib.brotliDecompress(
zipFile.data,
{ maxOutputLength: 1024 * 1024 * 5 },
(err, buffer) => {
});
}
function zlibBombSync(zipFile) {
zlib.gunzipSync(zipFile.data, { finishFlush: zlib.constants.Z_SYNC_FLUSH });
zlib.unzipSync(zipFile.data);
zlib.brotliDecompressSync(zipFile.data);
}
function zlibBombSyncSafe(zipFile) {
zlib.gunzipSync(zipFile.data, { finishFlush: zlib.constants.Z_SYNC_FLUSH, maxOutputLength: 1024 * 1024 * 5 });
zlib.unzipSync(zipFile.data, { maxOutputLength: 1024 * 1024 * 5 });
zlib.brotliDecompressSync(zipFile.data, { maxOutputLength: 1024 * 1024 * 5 });
}
function zlibBombPipeStream(zipFile) {
const inputStream = Readable.from(zipFile.data);
const outputFile = fs.createWriteStream('unzip.txt');
inputStream.pipe(zlib.createGunzip()).pipe(outputFile);
inputStream.pipe(zlib.createUnzip()).pipe(outputFile);
inputStream.pipe(zlib.createBrotliDecompress()).pipe(outputFile);
}
async function zlibBombPipeStreamPromises(zipFile) {
const inputStream = Readable.from(zipFile.data);
const outputFile = fs.createWriteStream('unzip.txt');
await stream.pipeline(
inputStream,
zlib.createGunzip(),
outputFile
)
}
function zlibBombPipeStreamSafe(zipFile) {
const inputFile = Readable.from(zipFile.data);
const outputFile = fs.createWriteStream('unzip.txt');
inputFile.pipe(zlib.createGunzip({ maxOutputLength: 1024 * 1024 * 5 })).pipe(outputFile);
inputFile.pipe(zlib.createUnzip({ maxOutputLength: 1024 * 1024 * 5 })).pipe(outputFile);
inputFile.pipe(zlib.createBrotliDecompress({ maxOutputLength: 1024 * 1024 * 5 })).pipe(outputFile);
}