hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

recognize more startswith sanitizers for path-injection queries

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-02-07 14:19:13 +01:00
parent 55e69d421c
commit ca5f91e587
2 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad.js
View File

@@ -25,6 +25,7 @@ fs.createReadStream('archive.zip')
const JSZip = require('jszip');
const zip = new JSZip();
const path = require('path');
function doZipSlip() {
for (const name in zip.files) {
fs.createWriteStream(name);
@@ -33,4 +34,22 @@ function doZipSlip() {
zip.forEach((name, file) => {
fs.createWriteStream(name);
});
}
const extractTo = path.resolve("/some/path/to/extract/to");
var files = [];
for (var name in zip.files) {
var entry = zip.files[name];
var targetPath = path.resolve(
path.join(extractTo, name)
);
if (!targetPath.startsWith(extractTo)) {
throw new Error("Entry is outside the extraction path");
}
files.push(name);
}
for (const file of files) {
fs.createWriteStream(path.join(extractTo, file)); // OK
}
}