ajinabraham.njsscan.archive_path_overwrite.tar_path_overwrite

Author: ajinabraham
Downloads: 1,129

Insecure TAR archive extraction can result in arbitrary path overwrite and can result in code injection.

Definition

rules:
  - id: tar_path_overwrite
    patterns:
      - pattern-inside: |
          $X = require('tar-stream')
          ...
      - pattern-not-inside: |
          $Y.pipe($UNZIP.Parse(...)).on('entry', function $FUNC(...) {
              ...
          }, ...)
      - pattern-inside: |
          $EXTRACT.on('entry', function $FUNC(...) {
            ...
          }, ...)
      - pattern-not: |
          if ($FILENAME.indexOf('..'))
      - pattern-not: |
          $FS.createWriteStream($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-not: |
          $FS.writeFile($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-not: |
          $FS.writeFileSync($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-either:
          - pattern: |
              $FS.createWriteStream($FIL, ...)
          - pattern: |
              $FS.writeFile($FIL, ...)
          - pattern: |
              $FS.writeFileSync($FIL, ...)
    message: Insecure TAR archive extraction can result in arbitrary path overwrite
      and can result in code injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a5
      cwe: cwe-22
      license: LGPL-3.0-or-later