Merge pull request #11899 from ataillefer/patch-1

smowton · web-flow · commit 29425982a559 · 2023-01-17T09:39:36.000Z
Fix partial path traversal Java example
diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
@@ -1,6 +1,6 @@
 public class PartialPathTraversalGood {
     public void example(File dir, File parent) throws IOException {
-        if (!dir.getCanonicalPath().toPath().startsWith(parent.getCanonicalPath().toPath())) {
+        if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {
             throw new IOException("Invalid directory: " + dir.getCanonicalPath());
         }
     }
diff --git a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalRemainder.inc.qhelp
@@ -27,7 +27,7 @@ and not just children of <code>parent</code>, which is a security issue.
 <p>
 
 In this example, the <code>if</code> statement checks if <code>parent.getCanonicalPath() + File.separator </code> 
-is a prefix of <code>dir.getCanonicalPath()</code>. Because <code>parent.getCanonicalPath().toPath()</code> is 
+is a prefix of <code>dir.getCanonicalPath()</code>. Because <code>parent.getCanonicalPath() + File.separator</code> is
 indeed slash-terminated, the user supplying <code>dir</code> can only access children of 
 <code>parent</code>, as desired.
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`public class PartialPathTraversalGood {`
`2`	`2`	`public void example(File dir, File parent) throws IOException {`
`3`		`- if (!dir.getCanonicalPath().toPath().startsWith(parent.getCanonicalPath().toPath())) {`
	`3`	`+ if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath() + File.separator)) {`
`4`	`4`	`throw new IOException("Invalid directory: " + dir.getCanonicalPath());`
`5`	`5`	`}`
`6`	`6`	`}`