ajinabraham.njsscan.traversal.archive_path_overwrite.zip_path_overwrite2

Author: ajinabraham

Insecure ZIP archive extraction can result in arbitrary path overwrite and can result in code injection.

Definition

rules:
  - id: zip_path_overwrite2
    patterns:
      - pattern-either:
          - pattern-inside: |
              $X = require('unzip')
              ...
          - pattern-inside: |
              $X = require('unzipper')
              ...
      - pattern-inside: |
          $UNZIP.Parse(...).on('entry', function $FUNC($ENTRY) {
              ...
          }, ...)
      - pattern-not: |
          if ($FILENAME.indexOf('..'))
      - pattern-not: |
          $FS.createWriteStream($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-not: |
          $FS.writeFile($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-not: |
          $FS.writeFileSync($PATH.join(..., $PATH.basename($FILENAME, ...)))
      - pattern-either:
          - pattern: |
              $FS.createWriteStream($FIL, ...)
          - pattern: |
              $FS.writeFile($FIL, ...)
          - pattern: |
              $FS.writeFileSync($FIL, ...)
    message: Insecure ZIP archive extraction can result in arbitrary path over write
      and can result in code injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a5
      cwe: cwe-22
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other