hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add additional example.

Browse Source
This commit is contained in:
Max Schaefer
2023-11-16 10:06:19 +00:00
parent 009d58034f
commit 947b094387
3 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-022/TaintedPath.qhelp
View File

@@ -46,6 +46,11 @@ not contain ".." and starts with the public folder.</p>
<sample src="TaintedPathGood.java" />
<p>Alternatively, if we only want to allow simple filenames without a path component, we can remove all path
separators ("/" or "\") and all ".." sequences from the input before using it to construct a file path.</p>
<sample src="TaintedPathGood2.java" />
</example>
<references>

13
java/ql/src/Security/CWE/CWE-022/TaintedPathGood2.java Normal file
View File

@@ -0,0 +1,13 @@
public void sendUserFileGood(Socket sock, String user) {
BufferedReader filenameReader = new BufferedReader(
new InputStreamReader(sock.getInputStream(), "UTF-8"));
String filename = filenameReader.readLine();
// GOOD: remove all ".." sequences and path separators from the filename
filename = filename.replaceAll("\\.\\.|[/\\\\]", "");
BufferedReader fileReader = new BufferedReader(new FileReader(filename));
String fileLine = fileReader.readLine();
while(fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());
fileLine = fileReader.readLine();
}
}

13
java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.java
View File

@@ -32,4 +32,17 @@ public class TaintedPath {
}
}
}
public void sendUserFileGood2(Socket sock, String user) throws IOException {
BufferedReader filenameReader = new BufferedReader(new InputStreamReader(sock.getInputStream(), "UTF-8"));
String filename = filenameReader.readLine();
// GOOD: remove all ".." sequences and path separators from the filename
filename = filename.replaceAll("\\.\\.|[/\\\\]", "");
BufferedReader fileReader = new BufferedReader(new FileReader(filename));
String fileLine = fileReader.readLine();
while(fileLine != null) {
sock.getOutputStream().write(fileLine.getBytes());
fileLine = fileReader.readLine();
}
}
}