hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix docs references

Browse Source
This commit is contained in:
Grzegorz Niedziela
2023-02-17 12:50:01 +00:00
committed by GitHub
parent 652c7ff1ed
commit c03ba2cc13
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ruby/ql/src/queries/security/cwe-022/ZipSlip.qhelp
View File

@@ -43,13 +43,13 @@ instance, if it were created by something like <code>tar -cf archive.tar
outside the destination directory.
</p>
<sample src="examples/zip_slip_bad.py" />
<sample src="examples/zip_slip_bad.rb" />
<p>To fix this vulnerability, we need to check that the path does not
contain any <code>".."</code> elements in it.
</p>
<sample src="examples/zip_slip_good.py" />
<sample src="examples/zip_slip_good.rb" />
</example>
<references>
@@ -63,12 +63,16 @@ OWASP:
<a href="https://owasp.org/www-community/attacks/Path_Traversal">Path Traversal</a>.
</li>
<li>
Python Library Reference:
<a href="https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extract">TarFile.extract</a>.
class
<a href="https://docs.ruby-lang.org/en/2.4.0/Gem/Package/TarReader.html">Gem::Package::TarReader</a>.
</li>
<li>
Python Library Reference:
<a href="https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall">TarFile.extractall</a>.
class
<a href="https://ruby-doc.org/stdlib-2.4.0/libdoc/zlib/rdoc/Zlib/GzipReader.html">Zlib::GzipReader</a>.
</li>
<li>
class
<a href="https://www.rubydoc.info/github/rubyzip/rubyzip/Zip/File">Zip::File</a>.
</li>
</references>