1 file changed +14 -0 lines changed
javascript/ql/src/semmle/javascript/security/dataflow
@@ -121,6 +121,20 @@ module ZipSlip {
121121 BasenameSanitizer ( ) { this = DataFlow:: moduleImport ( "path" ) .getAMemberCall ( "basename" ) }
122122 }
123123
124+ /**
125+ * An expression that forces the output path to be in the current working folder.
126+ * Recognizes the pattern: `path.join(cwd, path.join('/', orgPath))`.
127+ */
128+ class PathSanitizer extends Sanitizer , DataFlow:: CallNode {
129+ PathSanitizer ( ) {
130+ this = DataFlow:: moduleMember ( "path" , "join" ) .getACall ( ) and
131+ exists ( DataFlow:: CallNode inner | inner = getArgument ( 1 ) |
132+ inner = DataFlow:: moduleMember ( "path" , "join" ) .getACall ( ) and
133+ inner .getArgument ( 0 ) .mayHaveStringValue ( "/" )
134+ )
135+ }
136+ }
137+
124138 /**
125139 * Gets a string which is sufficient to exclude to make
126140 * a filepath definitely not refer to parent directories.
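Review bot: `PathSanitizer` constrains only `getArgument(1)` of the outer `path.join` call, so a call such as `path.join(cwd, path.join('/', p), other)` is also treated as sanitized, even though `other` is joined after the normalised part and may still contain `..` segments. That would suppress a genuine Zip Slip result, so the outer call should be limited to the two-argument shape named in the doc comment, for example by adding `getNumArgument() = 2 and` after the first conjunct. `mayHaveStringValue("/")` also holds when `"/"` is only one of several possible values of the inner first argument. If that is intended, the doc comment could say so, and also give the reason the pattern is safe: the inner join resolves `..` against the root before the outer join prepends the working folder.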