add sources to detect CVE completely

amammad
2023-09-07 02:02:32 +10:00
parent 7aa002fa2a
commit bcfc28aae0


@@ -137,7 +137,7 @@ module ZipFile {
* zipfile.ZipFile()
* ```
*/
private API::Node zipFileClass() {
API::Node zipFileClass() {
result =
[
API::moduleImport("zipfile").getMember("ZipFile"),
@@ -253,7 +253,8 @@ module ZipFile {
*/
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(API::Node zipFileInstance | zipFileInstance = zipFileClass() |
nodeFrom = zipFileInstance.getACall().getParameter(0, "file").asSink() and
nodeFrom =
[zipFileInstance.getACall().getParameter(0, "file").asSink(), zipFileInstance.getACall()] and
nodeTo =
[
sink(zipFileInstance).getACall(),
@@ -317,7 +318,8 @@ module TarFile {
predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(API::Node tarfileInstance | tarfileInstance = tarfileInstance() |
nodeFrom = tarfileInstance.getACall().getParameter(0, "name").asSink() and
nodeFrom =
[tarfileInstance.getACall().getParameter(0, "name").asSink(), tarfileInstance.getACall()] and
nodeTo =
tarfileInstance.getReturn().getMember(["extractall", "extract", "extractfile"]).getACall()
)
@@ -497,6 +499,10 @@ module BombsConfig implements DataFlow::ConfigSig {
)
or
source instanceof FileAndFormRemoteFlowSource::FastAPI
or
source = TarFile::tarfileInstance().getACall()
or
source = ZipFile::zipFileClass().getACall()
}
predicate isSink(DataFlow::Node sink) {
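Review bot: The two disjuncts added to `isSource` in the last hunk (`source = TarFile::tarfileInstance().getACall()` and `source = ZipFile::zipFileClass().getACall()`) make every archive-open call a source, so an alert no longer implies that the archive came from remote or otherwise untrusted input, unlike the `FileAndFormRemoteFlowSource::FastAPI` disjunct just above them. Together with the widened `nodeFrom` in the two `isAdditionalTaintStep` hunks, which as far as the visible lines show relate an open call to an extract call only through the shared `API::Node` rather than through the same archive object, this will likely also flag extraction of trusted local archives. I would move these sources into a separate lower-precision configuration, or at minimum record the trade-off above them, e.g. `// Unconditional source: any opened archive counts, whether or not its origin is untrusted.` The body of `isSource` begins outside this hunk, so its other disjuncts were not reviewed.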