hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Re-factor ZipSlip to use the new API.

Browse Source
This commit is contained in:
Michael Nebel
2023-04-13 11:31:42 +02:00
parent 3e4e75cee8
commit a96ad600fc
2 changed files with 25 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
View File

@@ -27,8 +27,12 @@ abstract class Sanitizer extends DataFlow::ExprNode { }
*/
abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
/** A taint tracking configuration for Zip Slip */
class TaintTrackingConfiguration extends TaintTracking::Configuration {
/**
* DEPRECATED: Use `ZipSlip` instead.
*
* A taint tracking configuration for Zip Slip.
*/
deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
TaintTrackingConfiguration() { this = "ZipSlipTaintTracking" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -42,6 +46,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
}
}
/**
* A taint tracking configuration for Zip Slip.
*/
private module ZipSlipConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
}
/**
* A taint tracking module for Zip Slip.
*/
module ZipSlip = TaintTracking::Global<ZipSlipConfig>;
/** An access to the `FullName` property of a `ZipArchiveEntry`. */
class ArchiveFullNameSource extends Source {
ArchiveFullNameSource() {

6
csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
View File

@@ -14,10 +14,10 @@
import csharp
import semmle.code.csharp.security.dataflow.ZipSlipQuery
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
import ZipSlip::PathGraph
from TaintTrackingConfiguration zipTaintTracking, DataFlow::PathNode source, DataFlow::PathNode sink
where zipTaintTracking.hasFlowPath(source, sink)
from ZipSlip::PathNode source, ZipSlip::PathNode sink
where ZipSlip::flowPath(source, sink)
select source.getNode(), source, sink,
"Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(),
"file system operation"