
Commit 3ea0460

committed
auto-format
1 parent 50f17b0 commit 3ea0460

2 files changed

Lines changed: 14 additions & 18 deletions


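--- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql
+++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql
@@ -19,4 +19,4 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
 "Unsanitized zip archive $@, which may contain '..', is used in a file system operation.",
-source.getNode(), "item path"
+source.getNode(), "item path"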

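--- a/javascript/ql/src/semmle/javascript/security/dataflow/ZipSlip.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ZipSlip.qll
@@ -18,9 +18,7 @@ module ZipSlip {
 /**
 * A sanitizer guard for unsafe zip extraction.
 */
-abstract class SanitizerGuard extends
-TaintTracking::SanitizerGuardNode,
-DataFlow::ValueNode { }
+abstract class SanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { }
 
 /** A taint tracking configuration for Zip Slip */
 class Configuration extends TaintTracking::Configuration {
@@ -53,10 +51,12 @@ module ZipSlip {
 class UnzipEntrySource extends Source {
 UnzipEntrySource() {
 exists(DataFlow::MethodCallNode pipe, DataFlow::MethodCallNode on |
-pipe.getMethodName() = "pipe"
-and pipe.getArgument(0).getALocalSource() = DataFlow::moduleImport("unzip").getAMemberCall("Parse")
-and on = pipe.getAMemberCall("on")
-and this = on.getCallback(1).getParameter(0).getAPropertyRead("path"))
+pipe.getMethodName() = "pipe" and
+pipe.getArgument(0).getALocalSource() = DataFlow::moduleImport("unzip")
+.getAMemberCall("Parse") and
+on = pipe.getAMemberCall("on") and
+this = on.getCallback(1).getParameter(0).getAPropertyRead("path")
+)
 }
 }
 
@@ -75,29 +75,25 @@ module ZipSlip {
 
 /** A sink that is a file path that gets written to. */
 class FileSystemWriteSink extends Sink {
-FileSystemWriteSink() {
-exists(FileSystemWriteAccess fsw | fsw.getAPathArgument() = this)
-}
+FileSystemWriteSink() { exists(FileSystemWriteAccess fsw | fsw.getAPathArgument() = this) }
 }
 
 /**
 * Gets a string which suffices to search for to ensure that a
 * filepath will not refer to parent directories.
 */
-string getAParentDirName() {
-result = any(string s | s = ".." or s = "../")
-}
+string getAParentDirName() { result = any(string s | s = ".." or s = "../") }
 
 /** A check that a path string does not include '..' */
 class NoParentDirSanitizerGuard extends SanitizerGuard {
 StringOps::Includes incl;
 
-NoParentDirSanitizerGuard() { this = incl }
+NoParentDirSanitizerGuard() { this = incl }
 
 override predicate sanitizes(boolean outcome, Expr e) {
-incl.getPolarity().booleanNot() = outcome
-and incl.getBaseString().asExpr() = e
-and incl.getSubstring().mayHaveStringValue(getAParentDirName())
+incl.getPolarity().booleanNot() = outcome and
+incl.getBaseString().asExpr() = e and
+incl.getSubstring().mayHaveStringValue(getAParentDirName())
 }
 }
 }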
