update qlhelp

This commit is contained in:
am0o0
2024-07-01 15:09:56 +02:00
parent 02b0b402d6
commit f1324a413a


@@ -3,26 +3,26 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>Extracting Compressed files with any compression algorithm like gzip can cause to denial of service attacks.</p>
<p>Attackers can compress a huge file which created by repeated similiar byte and convert it to a small compressed file.</p>
<p>Extracting Compressed files with any compression algorithm like gzip can cause a denial of service attacks.</p>
<p>Attackers can create a huge file by just repeating a single byte and compress it to a small file.</p>
</overview>
<recommendation>
<p>When you want to decompress a user-provided compressed file you must be careful about the decompression ratio or read these files within a loop byte by byte to be able to manage the decompressed size in each cycle of the loop.</p>
<p>When decompressing a user-provided compressed file, verify the decompression ratio or decompress the files within a loop byte by byte to be able to manage the decompressed size in each cycle of the loop.</p>
</recommendation>
<example>
<p>
Reading uncompressed ZipFile within a loop and check for a Threshold size in each cycle.
</p>
<sample src="example_good.java"/>
In the following example, the decompressed file size is not checked before decompression, exposing the application to a denial of service.
</p>
<sample src="example_bad.java" />
<p>
An Unsafe Approach can be this example which we don't check for uncompressed size.
</p>
<sample src="example_bad.java" />
<p>
A better approach is shown in the following example, where a ZIP file is read within a loop and a size threshold is checked every cicle.
</p>
<sample src="example_good.java"/>
</example>
<references>
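Review bot: typo in the new `<example>` text, "a size threshold is checked every cicle" should read "every cycle"; and the new overview sentence "can cause a denial of service attacks" pairs a singular article with a plural noun, so either "can cause a denial of service attack" or "can lead to denial of service attacks". The rewritten `<recommendation>` also does not quite match the example it introduces: it tells the reader to "verify the decompression ratio or decompress the files within a loop byte by byte", while the example paragraph describes the safe pattern as reading the ZIP in a loop and checking a size threshold on each iteration. Suggest aligning the recommendation with the example, e.g. "read the archive in a loop and track the total decompressed size, aborting once it exceeds an acceptable threshold; a compression-ratio check alone is not sufficient", so the qhelp gives one consistent mitigation. Worth double-checking the final XML too, since the example section moves the `example_bad.java` sample ahead of `example_good.java` and every `<p>` must still have its matching `</p>` after the reordering.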
@@ -31,7 +31,7 @@ An Unsafe Approach can be this example which we don't check for uncompressed siz
<a href="https://github.com/advisories/GHSA-47vx-fqr5-j2gw">CVE-2022-4565</a>
</li>
<li>
<a href="https://www.bamsoftware.com/hacks/zipbomb/">A great research to gain more impact by this kind of attacks</a>
David Fifield: <a href="https://www.bamsoftware.com/hacks/zipbomb/">A better zip bomb</a>.
</li>
</references>
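Review bot: the reference text is a clear improvement, but the first list item still labels a GitHub advisory link (`GHSA-47vx-fqr5-j2gw`) with a CVE identifier only; since the href resolves to a GHSA page rather than a CVE record, suggest giving the advisory title or including the GHSA id in the link text so readers can tell which advisory they are being sent to. Also, for consistency with the new "David Fifield: A better zip bomb." entry, the other reference entries in this list should end with a full stop and follow the same "Author: Title" form.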