Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query

All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous

Author: atorralba

csharp/ql/src/Security Features/CWE-022/ZipSlip.qhelp

@@ -3,16 +3,16 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
-<p>Extracting files from a malicious zip archive without validating that the destination file path
-is within the destination directory can cause files outside the destination directory to be
-overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
+<p>Accessing filesystem paths built from the name of an archive entry without validating that the
+destination file path is within the destination directory can allow an attacker to access 
+unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
 archive paths.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
 unexpected special elements such as the directory traversal element (<code>..</code>). If these
-file paths are used to determine an output file to write the contents of the archive item to, then
-the file may be written to an unexpected location. This can result in sensitive information being
+file paths are used to create a filesystem path, then a file operation may happen in an 
+unexpected location. This can result in sensitive information being
 revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
 files.</p>
 

csharp/ql/src/Security Features/CWE-022/ZipSlip.ql

@@ -1,8 +1,8 @@
 /**
- * @name Arbitrary file write during zip extraction ("Zip Slip")
- * @description Extracting files from a malicious zip archive without validating that the
- *              destination file path is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @name Arbitrary file access during archive extraction ("Zip Slip")
+ * @description Accessing filesystem paths built from the name of an archive entry without
+ *              validating that the destination file path is within the destination directory
+ *              can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @id cs/zipslip
  * @problem.severity error

go/ql/src/Security/CWE-022/ZipSlip.qhelp

@@ -5,18 +5,18 @@
 
 <overview>
 <p>
-Extracting files from a malicious zip archive without validating that the destination file path
-is within the destination directory can cause files outside the destination directory to be
-overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
+Accessing filesystem paths built from the name of an archive entry without validating that the
+destination file path is within the destination directory can allow an attacker to access 
+unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
 archive paths.
 </p>
 
 <p>
 Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
 unexpected special elements such as the directory traversal element (<code>..</code>). If these
-file paths are used to determine which output file the contents of an archive item should be written to, then
-the file may be written to an unexpected location. This can result in sensitive information being
+file paths are used to create a filesystem path, then a file operation may happen in an 
+unexpected location. This can result in sensitive information being
 revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
 files.
 </p>

go/ql/src/Security/CWE-022/ZipSlip.ql

@@ -1,8 +1,8 @@
 /**
- * @name Arbitrary file write during zip extraction ("zip slip")
- * @description Extracting files from a malicious zip archive without validating that the
- *              destination file path is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @name Arbitrary file access during archive extraction ("Zip Slip")
+ * @description Accessing filesystem paths built from the name of an archive entry without
+ *              validating that the destination file path is within the destination directory
+ *              can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @id go/zipslip
  * @problem.severity error

java/ql/src/Security/CWE/CWE-022/ZipSlip.qhelp

@@ -3,17 +3,16 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
-<p>Extracting files from a malicious zip archive (or another archive format)
-without validating that the destination file path
-is within the destination directory can cause files outside the destination directory to be
-overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
+<p>Accessing filesystem paths built from the name of an archive entry without validating that the
+destination file path is within the destination directory can allow an attacker to access 
+unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
 archive paths.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
 unexpected special elements such as the directory traversal element (<code>..</code>). If these
-file paths are used to determine an output file to write the contents of the archive item to, then
-the file may be written to an unexpected location. This can result in sensitive information being
+file paths are used to create a filesystem path, then a file operation may happen in an 
+unexpected location. This can result in sensitive information being
 revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
 files.</p>
 

java/ql/src/Security/CWE/CWE-022/ZipSlip.ql

@@ -1,8 +1,8 @@
 /**
- * @name Arbitrary file write during archive extraction ("Zip Slip")
- * @description Extracting files from a malicious archive without validating that the
- *              destination file path is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @name Arbitrary file access during archive extraction ("Zip Slip")
+ * @description Accessing filesystem paths built from the name of an archive entry without
+ *              validating that the destination file path is within the destination directory
+ *              can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @id java/zipslip
  * @problem.severity error

javascript/ql/src/Security/CWE-022/ZipSlip.qhelp

@@ -4,16 +4,16 @@
 <qhelp>
 
 <overview>
-<p>Extracting files from a malicious zip archive without validating that the destination file path
-is within the destination directory can cause files outside the destination directory to be
-overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
+<p>Accessing filesystem paths built from the name of an archive entry without validating that the
+destination file path is within the destination directory can allow an attacker to access 
+unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
 archive paths.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
 unexpected special elements such as the directory traversal element (<code>..</code>). If these
-file paths are used to determine an output file to write the contents of the archive item to, then
-the file may be written to an unexpected location. This can result in sensitive information being
+file paths are used to create a filesystem path, then a file operation may happen in an 
+unexpected location. This can result in sensitive information being
 revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
 files.</p>
 

javascript/ql/src/Security/CWE-022/ZipSlip.ql

@@ -1,8 +1,8 @@
 /**
- * @name Arbitrary file write during zip extraction ("Zip Slip")
- * @description Extracting files from a malicious zip archive without validating that the
- *              destination file path is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @name Arbitrary file access during archive extraction ("Zip Slip")
+ * @description Accessing filesystem paths built from the name of an archive entry without
+ *              validating that the destination file path is within the destination directory
+ *              can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @id js/zipslip
  * @problem.severity error

python/ql/src/experimental/Security/CWE-022/ZipSlip.qhelp

@@ -4,16 +4,16 @@
 <qhelp>
 
 <overview>
-<p>Extracting files from a malicious zip archive without validating that the destination file path
-is within the destination directory can cause files outside the destination directory to be
-overwritten, due to the possible presence of directory traversal elements (<code>..</code>) in
+<p>Accessing filesystem paths built from the name of an archive entry without validating that the
+destination file path is within the destination directory can allow an attacker to access 
+unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
 archive paths.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
 unexpected special elements such as the directory traversal element (<code>..</code>). If these
-file paths are used to determine an output file to write the contents of the archive item to, then
-the file may be written to an unexpected location. This can result in sensitive information being
+file paths are used to create a filesystem path, then a file operation may happen in an 
+unexpected location. This can result in sensitive information being
 revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
 files.</p>
 

python/ql/src/experimental/Security/CWE-022/ZipSlip.ql

@@ -1,8 +1,8 @@
 /**
- * @name Arbitrary file write during archive extraction ("Zip Slip")
- * @description Extracting files from a malicious archive without validating that the
- *              destination file path is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @name Arbitrary file access during archive extraction ("Zip Slip")
+ * @description Accessing filesystem paths built from the name of an archive entry without
+ *              validating that the destination file path is within the destination directory
+ *              can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @id py/zipslip
  * @problem.severity error