add sources to detect CVE completely

This commit is contained in:
amammad
2023-09-07 18:27:40 +10:00
parent bcfc28aae0
commit 6ee5865789


@@ -1,11 +1,11 @@
/**
* @name User-controlled file decompression
* @description User-controlled data that flows into decompression library APIs without checking the compression rate is dangerous
* @name Uncontrolled file decompression
* @description Uncontrolled data that flows into decompression library APIs without checking the compression rate is dangerous
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision high
* @id py/user-controlled-file-decompression
* @id py/uncontrolled-file-decompression
* @tags security
* experimental
* external/cwe/cwe-409
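Review bot: Changing `@id` from `py/user-controlled-file-decompression` to `py/uncontrolled-file-decompression` alters the query's stable identifier, so any existing alerts, suppressions or dashboards keyed on the old id will no longer match; either keep the original `@id` and only update `@name`/`@description`, or mention the rename in the change note so consumers can migrate. Separately, the new `@description` still says "without checking the compression rate"; "compression ratio" is the term the rest of the metadata (CWE-409, decompression bombs) implies and would read more precisely.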
@@ -530,5 +530,4 @@ import Bombs::PathGraph
from Bombs::PathNode source, Bombs::PathNode sink
where Bombs::flowPath(source, sink)
select sink.getNode(), source, sink, "This file extraction depends on a $@.", source.getNode(),
"potentially untrusted source"
select sink.getNode(), source, sink, "This file extraction is $@.", source.getNode(), "uncontrolled"
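Review bot: The new alert message "This file extraction is $@." with the `$@` bound to `source.getNode()` and the label "uncontrolled" drops the information the old message carried, namely that the linked node is the untrusted source the extraction depends on; a reader clicking the link now sees a node labelled only "uncontrolled", which does not explain its role. Consider keeping a source-oriented phrasing such as `"This file extraction depends on a $@.", source.getNode(), "potentially uncontrolled source"` so the link text still names what the node is. Also note the commit message says "add sources to detect CVE completely", but neither visible hunk adds any source definitions; if those live elsewhere in `Bombs`, the change note should point to them.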