hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Address review comments

Browse Source
This commit is contained in:
Tony Torralba
2022-09-28 16:51:35 +02:00
parent b8fa9433be
commit 9db65eae7f
2 changed files with 45 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
View File

@@ -18,6 +18,29 @@ import JFinalController
import semmle.code.java.security.PathSanitizer
import DataFlow::PathGraph
/** A complementary sanitizer that protects against path traversal using path normalization. */
class PathNormalizeSanitizer extends MethodAccess {
PathNormalizeSanitizer() {
exists(RefType t |
t instanceof TypePath or
t.hasQualifiedName("kotlin.io", "FilesKt")
|
this.getMethod().getDeclaringType() = t and
this.getMethod().hasName("normalize")
)
or
this.getMethod().getDeclaringType() instanceof TypeFile and
this.getMethod().hasName(["getCanonicalPath", "getCanonicalFile"])
}
}
/** A node with path normalization. */
class NormalizedPathNode extends DataFlow::Node {
NormalizedPathNode() {
TaintTracking::localExprTaint(this.asExpr(), any(PathNormalizeSanitizer ma))
}
}
class InjectFilePathConfig extends TaintTracking::Configuration {
InjectFilePathConfig() { this = "InjectFilePathConfig" }