ajinabraham.njsscan.archive_path_overwrite.zip_path_overwrite

Author: ajinabraham
Download count: 1,129

Insecure ZIP archive extraction can result in arbitrary path overwrite, which can in turn result in code injection.

Definition

rules:
  - id: zip_path_overwrite
    patterns:
      - pattern-either:
          - pattern-inside: |
              $X = require('unzip')
              ...
          - pattern-inside: |
              $X = require('unzipper')
              ...
      - pattern-inside: |
          $Y.pipe($UNZIP.Parse(...)).on('entry', function $FUNC(...) {
              ...
          }, ...)
      - pattern-not: |
          $X = $FILENAME.indexOf(...)
      - pattern-not: >
          $FUNC.pipe($FS.createWriteStream($PATH.join(...,
          $PATH.basename($FILENAME, ...))))
      - pattern-not: >
          $FUNC.pipe($FS.writeFile($PATH.join(..., $PATH.basename($FILENAME,
          ...))))
      - pattern-not: >
          $FUNC.pipe($FS.writeFileSync($PATH.join(..., $PATH.basename($FILENAME,
          ...))))
      - pattern-either:
          - pattern: |
              $FUNC.pipe($FS.createWriteStream($FIL, ...))
          - pattern: |
              $FUNC.pipe($FS.writeFile($FIL, ...))
          - pattern: |
              $FUNC.pipe($FS.writeFileSync($FIL, ...))
    message: Insecure ZIP archive extraction can result in arbitrary path over write
      and can result in code injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a5
      cwe: cwe-22
      license: LGPL-3.0-or-later