hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: ZipSlip - Add spaces into bad example.

Browse Source
This commit is contained in:
Luke Cartey
2018-08-21 13:06:29 +01:00
parent 6453153393
commit 4f57456df1
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/Security Features/CWE-022/ZipSlipGood.cs
View File

@@ -9,7 +9,7 @@ class Good
string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
if (!destFileName.StartsWith(fullDestDirPath)) {
throw new System.InvalidOperationException("Entry is outside of the target dir: " +
throw new System.InvalidOperationException("Entry is outside of the target dir: " +
destFileName);
}
entry.ExtractToFile(destFileName);

4
csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlipGood.cs
View File

@@ -9,9 +9,9 @@ class Good
string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
if (!destFileName.StartsWith(fullDestDirPath)) {
throw new System.InvalidOperationException("Entry is outside of the target dir: " +
throw new System.InvalidOperationException("Entry is outside of the target dir: " +
destFileName);
}
entry.ExtractToFile(destFileName);
}
}
}