/**
* @name XSJS Zip Slip
* @description Writing an entry of a zip archive to a file at the path stated in the entry,
* without validating that path, allows path traversal and writing to an arbitrary location.
* @kind path-problem
* @problem.severity error
* @security-severity 7.5
* @precision medium
* @id js/xsjs-zip-slip
* @tags security
*/
import javascript
import advanced_security.javascript.frameworks.xsjs.XSJSZipSlipQuery
import semmle.javascript.frameworks.data.ModelsAsData
/*
 * State-tracking global data flow instantiated from the XSJSZipSlip configuration.
 * XSJSZipSlip is not defined in this file; presumably it comes from the imported
 * XSJSZipSlipQuery library, which would also hold the source, sink and barrier
 * definitions. When triaging results, confirm there which path checks count as barriers.
 */
module XSJSZipSlipFlow = DataFlow::GlobalWithState<XSJSZipSlip>;

// The path graph supplies the edges that a `@kind path-problem` query reports.
import XSJSZipSlipFlow::PathGraph

// Report every complete flow path from a configured source to a configured sink.
// The alert is placed on the sink; both `$@` placeholders link back to the
// sink and the source respectively.
from XSJSZipSlipFlow::PathNode src, XSJSZipSlipFlow::PathNode dst
where XSJSZipSlipFlow::flowPath(src, dst)
select dst, src, dst,
  "The path of $@ being saved depends on a $@.",
  dst, "this zip file",
  src, "user-provided value"