hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 08:23:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

rb/overly-permissive-file use QL bitwise operators

Browse Source
This commit is contained in:
Alex Ford
2021-04-29 16:08:42 +01:00
parent 46a14b2826
commit efa323c304
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ql/src/queries/security/cwe-732/WeakFilePermissions.ql
View File

@@ -29,16 +29,17 @@ class FileModuleAccess extends Expr {
}
bindingset[p]
int world_permission(int p) { result = p % 8 }
int world_permission(int p) { result = p.bitAnd(7) }
bindingset[p]
int group_permission(int p) { result = (p / 8) % 8 }
// 70 oct = 56 dec
int group_permission(int p) { result = p.bitAnd(56) }
bindingset[p]
string access(int p) {
p % 4 >= 2 and result = "writable"
p.bitAnd(2) != 0 and result = "writable"
or
p % 8 in [4, 5] and result = "readable"
p.bitAnd(2) = 0 and p.bitAnd(4) != 0 and result = "readable"
}
/** An expression specifing a file permission that allows group/others read or write access */