hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ded6968558c8f69b5127ca00a0b68239c186e44d
codeql/go/ql/lib/ext/mime.multipart.model.yml
Owen Mansel-Chan 7fff3534fa Convert 3 barriers for path injection to MaD
2026-01-06 22:56:59 +00:00

31 lines
2.1 KiB
YAML
Raw Blame History

extensions:
- addsTo:
pack: codeql/go-all
extensible: barrierModel
data:
# The only way to create a `mime/multipart.FileHeader` is to create a
# `mime/multipart.Form`, which creates the `Filename` field of each
# `mime/multipart.FileHeader` by calling `Part.FileName`, which calls
# `path/filepath.Base` on its return value. In general `path/filepath.Base`
# is not a sanitizer for path traversal, but in this specific case where the
# output is going to be used as a filename rather than a directory name, it
# is adequate.
- ["mime/multipart", "FileHeader", False, "Filename", "", "", "", "path-injection", "manual"]
# `Part.FileName` calls `path/filepath.Base` on its return value. In
# general `path/filepath.Base` is not a sanitizer for path traversal, but in
# this specific case where the output is going to be used as a filename
# rather than a directory name, it is adequate.
- ["mime/multipart", "Part", False, "FileName", "", "", "ReturnValue", "path-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["mime/multipart", "", False, "NewReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["mime/multipart", "FileHeader", True, "Open", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["mime/multipart", "Part", True, "FileName", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["mime/multipart", "Part", True, "FormName", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["mime/multipart", "Reader", True, "NextPart", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["mime/multipart", "Reader", True, "NextRawPart", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["mime/multipart", "Reader", True, "ReadForm", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["mime/multipart", "Writer", True, "WriteField", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"]
Reference in New Issue View Git Blame Copy Permalink