RSPEC-4639

Zip function calls should not be vulnerable to path traversal attacks

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Refactor this code to not construct the extracted file/dir from tainted, user-controlled data.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Targeted languages:
      C#, Java, PHP
    • Irrelevant for Languages:
      ABAP, C, C++, Cobol, CSS, Flex, Go, HTML, JavaScript, Objective-C, PL/I, PL/SQL, Python, RPG, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      30min
    • Analysis Level:
      Abstract Interpretation
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CERT:
      IDS04-J.
    • CWE:
      CWE-409
    • OWASP:
      A1

      Description

      Libraries used to unarchive a file (zip, bzip2, tar, ...) do what they were made for: they extract the content of the archive blindly, creating directories and files on the filesystem that correspond exactly to the content of the archive. With a specially crafted archive whose entries have path traversal filenames, it is possible to create directories and files outside the directory where the archive is extracted. This can lead to an executable or a configuration file being overwritten with a file containing malicious code, turning a simple archive into a way to execute arbitrary code.
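      The check this rule expects, as an added Java example that is not part of the rule specification: each entry name is resolved against the extraction directory and rejected if the normalized result falls outside it. The class and method names (SafeUnzip, extract, resolveInside) are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

// Added example; SafeUnzip, extract and resolveInside are hypothetical names.
public final class SafeUnzip {

    // Extracts `archive` into `targetDir`, refusing any entry whose name
    // would resolve outside `targetDir` (relative "../" segments or an
    // absolute path).
    public static void extract(InputStream archive, Path targetDir) throws IOException {
        Path root = targetDir.toAbsolutePath().normalize();
        Files.createDirectories(root);
        try (ZipInputStream zip = new ZipInputStream(archive)) {
            ZipEntry entry;
            while ((entry = zip.getNextEntry()) != null) {
                // The entry name is tainted data: validate before any write.
                Path dest = resolveInside(root, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(dest);
                } else {
                    Files.createDirectories(dest.getParent());
                    Files.copy(zip, dest, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    // The pattern the rule flags is using root.resolve(entryName) (or
    // new File(dir, entryName)) directly as the output path.
    static Path resolveInside(Path root, String entryName) throws IOException {
        Path dest = root.resolve(entryName).normalize();
        // Path.startsWith compares whole path components, so "/out-evil"
        // is not treated as being inside "/out".
        if (!dest.startsWith(root)) {
            throw new IOException("Archive entry escapes target directory: " + entryName);
        }
        return dest;
    }
}
```

      normalize() does not resolve symbolic links; if the extraction directory can contain links, compare real paths (Path.toRealPath) instead.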

      See

        Attachments

        1. Java RSPEC-4960 Language-Specification Active Unassigned
        2. C# RSPEC-5052 Language-Specification Active Unassigned

            People

            • Assignee:
              Unassigned
            • Reporter:
              alexandre.gigleux Alexandre Gigleux