hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: ZipSlip - Update name, description and message.

Browse Source 
This commit updates the name, description and message to better match
the house style for the security queries.
This commit is contained in:
Luke Cartey
2018-08-20 14:49:55 +01:00
parent 112d104005
commit 99d1cf70be
2 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
View File

@@ -1,7 +1,9 @@
/** /**
* @name Potential ZipSlip vulnerability * @name Arbitrary file write during zip extraction ("ZipSlip")
* @description When extracting files from an archive, don't add archive item's path to the target file system path. Archive path can be relative and can lead to * @description Extracting files from a malicious zip archive without validating that the
* file system access outside of the expected file system target path, leading to malicious config changes and remote code execution via lay-and-wait technique * destination file path is within the destination directory can cause files outside
* the destination directory to be overwritten, due to the possible presence of
* directory traversal elements ("..") in archive paths.
* @kind problem * @kind problem
* @id cs/zipslip * @id cs/zipslip
* @problem.severity error * @problem.severity error
@@ -14,4 +16,4 @@ import semmle.code.csharp.security.dataflow.ZipSlip::ZipSlip
from TaintTrackingConfiguration zipTaintTracking, DataFlow::Node source, DataFlow::Node sink from TaintTrackingConfiguration zipTaintTracking, DataFlow::Node source, DataFlow::Node sink
where zipTaintTracking.hasFlow(source, sink) where zipTaintTracking.hasFlow(source, sink)
select sink, "Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted", source, "zip archive" select sink, "Unsanitized zip archive $@ which may contain '..' used in a file system operation.", source, "item path"

12
csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected
View File

@@ -1,6 +1,6 @@
| ZipSlip.cs:24:41:24:52 | access to local variable destFileName | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:19:31:19:44 | access to property FullName | zip archive | | ZipSlip.cs:24:41:24:52 | access to local variable destFileName | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:19:31:19:44 | access to property FullName | item path |
| ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:16:52:16:65 | access to property FullName | zip archive | | ZipSlip.cs:32:41:32:52 | access to local variable destFilePath | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:16:52:16:65 | access to property FullName | item path |
| ZipSlip.cs:61:74:61:85 | access to local variable destFilePath | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:54:72:54:85 | access to property FullName | zip archive | | ZipSlip.cs:61:74:61:85 | access to local variable destFilePath | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:54:72:54:85 | access to property FullName | item path |
| ZipSlip.cs:68:71:68:82 | access to local variable destFilePath | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:54:72:54:85 | access to property FullName | zip archive | | ZipSlip.cs:68:71:68:82 | access to local variable destFilePath | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:54:72:54:85 | access to property FullName | item path |
| ZipSlip.cs:75:57:75:68 | access to local variable destFilePath | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:54:72:54:85 | access to property FullName | zip archive | | ZipSlip.cs:75:57:75:68 | access to local variable destFilePath | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:54:72:54:85 | access to property FullName | item path |
| ZipSlip.cs:83:58:83:69 | access to local variable destFilePath | Make sure to sanitize relative archive item path before creating path for file extraction if the source of $@ is untrusted | ZipSlip.cs:54:72:54:85 | access to property FullName | zip archive | | ZipSlip.cs:83:58:83:69 | access to local variable destFilePath | Unsanitized zip archive $@ which may contain '..' used in a file system operation. | ZipSlip.cs:54:72:54:85 | access to property FullName | item path |