Add mkdirs check

2026-04-30 11:15:13 +02:00 · 2020-12-08 15:31:18 -05:00
parent cf0ed81575
commit ecad7534ae
2 changed files with 6 additions and 1 deletions
--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure2.ql
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure2.ql
@@ -16,7 +16,7 @@ private class MethodFileSystemFileCreation extends Method {
  MethodFileSystemFileCreation() {
    getDeclaringType() instanceof TypeFile and
    (
-      hasName("mkdir") or
+      hasName(["mkdir", "mkdirs"]) or
      hasName("createNewFile")
    )
  }
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/Test.java
@@ -50,6 +50,11 @@ public class Test {
        tempDirChild.mkdir();
    }

+    void vulnerableFileCreateTempFileMkdirsTainted() {
+        File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child");
+        tempDirChild.mkdir();
+    }
+
    void vulnerableFileCreateTempFilesWrite1() {
        File tempDirChild = new File(System.getProperty("java.io.tmpdir"), "/child");
        Files.write(tempDirChild.toPath(), Arrays.asList("secret"), StandardCharsets.UTF_8, StandardOpenOption.CREATE);