hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Actually use fileName in examples

Browse Source
This commit is contained in:
Jason Reed
2019-02-27 10:23:32 -05:00
parent 674d2790b4
commit c5e57dacf8
5 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-022/ZipSlipBad.js
View File

@@ -5,5 +5,5 @@ fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = entry.path;
entry.pipe(fs.createWriteStream(entry.path));
entry.pipe(fs.createWriteStream(fileName));
});

6
javascript/ql/src/Security/CWE-022/ZipSlipGood.js
View File

@@ -5,10 +5,10 @@ fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = entry.path;
if (entry.path.indexOf('..') == -1) {
entry.pipe(fs.createWriteStream(entry.path));
if (fileName.indexOf('..') == -1) {
entry.pipe(fs.createWriteStream(fileName));
}
else {
console.log('skipping bad path', entry.path);
console.log('skipping bad path', fileName);
}
});

8
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected
View File

@@ -3,11 +3,15 @@ nodes
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad2.js:5:37:5:46 | entry.path |
| ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad.js:8:37:8:46 | entry.path |
| ZipSlipBad.js:7:11:7:31 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path |
| ZipSlipBad.js:8:37:8:44 | fileName |
edges
| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName |
| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName |
#select
| ZipSlipBad2.js:6:22:6:29 | fileName | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad2.js:5:37:5:46 | entry.path | item path |
| ZipSlipBad.js:8:37:8:46 | entry.path | ZipSlipBad.js:8:37:8:46 | entry.path | ZipSlipBad.js:8:37:8:46 | entry.path | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:8:37:8:46 | entry.path | item path |
| ZipSlipBad.js:8:37:8:44 | fileName | ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:8:37:8:44 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:7:22:7:31 | entry.path | item path |

2
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js
View File

@@ -5,5 +5,5 @@ fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = entry.path;
entry.pipe(fs.createWriteStream(entry.path));
entry.pipe(fs.createWriteStream(fileName));
});

6
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js
View File

@@ -5,10 +5,10 @@ fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = entry.path;
if (entry.path.indexOf('..') == -1) {
entry.pipe(fs.createWriteStream(entry.path));
if (fileName.indexOf('..') == -1) {
entry.pipe(fs.createWriteStream(fileName));
}
else {
console.log('skipping bad path', entry.path);
console.log('skipping bad path', fileName);
}
});