
# Zip slip

**org.openrewrite.java.security.ZipSlip**

Zip slip is a critical arbitrary-file-overwrite vulnerability that typically results in remote command execution: an archive entry whose name contains path traversal segments is written outside the intended extraction directory. A fuller description of this vulnerability is available in the Snyk documentation on it.
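The unchecked extraction pattern this recipe looks for, beside the kind of canonicalize-and-compare guard it adds, as an added Java example written for this page (not the recipe's source or code from the OpenRewrite project); the destination directory and the zip entry names are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.util.zip.ZipEntry;

public class ZipSlipCheck {

    // The vulnerable pattern: the entry name is joined to the destination
    // directory with no check that the result stays inside it.
    static File unchecked(File destDir, ZipEntry entry) {
        return new File(destDir, entry.getName());
    }

    // Hardened form: normalize both paths and refuse any entry whose resolved
    // target is not under the destination directory. Path.startsWith compares
    // whole path elements, so a sibling directory such as "extracted2" is not
    // mistaken for a child of "extracted" (a String prefix test would be).
    static File checked(File destDir, ZipEntry entry) throws IOException {
        Path root = destDir.toPath().toAbsolutePath().normalize();
        Path target = root.resolve(entry.getName()).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("Zip entry escapes destination: " + entry.getName());
        }
        return target.toFile();
    }

    public static void main(String[] args) {
        File destDir = new File("extracted"); // constructed destination directory
        // Constructed entry names: one benign, two relative traversals, one absolute.
        String[] names = {"docs/readme.txt", "../outside.txt", "a/../../b.txt", "/tmp/abs.txt"};
        for (String name : names) {
            ZipEntry entry = new ZipEntry(name);
            System.out.println("entry: " + name);
            System.out.println("  unchecked -> " + unchecked(destDir, entry).getPath());
            try {
                System.out.println("  checked   -> " + checked(destDir, entry).getPath());
            } catch (IOException e) {
                System.out.println("  checked   -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first entry passes the guard; the other three resolve outside the destination and are rejected before any file is written.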

## Tags

  • CWE-22

## Recipe source

GitHub, Issue Tracker, Maven Central

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-java-security
  • version: 2.5.2

## Usage

This recipe has no required configuration options. It can be activated by adding a dependency on `org.openrewrite.recipe:rewrite-java-security:2.5.2` in your build file or by running a shell command (in which case no build changes are needed):

{% tabs %}
{% tab title="Gradle" %}

1. Add the following to your `build.gradle` file:

{% code title="build.gradle" %}
```groovy
plugins {
    id("org.openrewrite.rewrite") version("6.11.2")
}

rewrite {
    activeRecipe("org.openrewrite.java.security.ZipSlip")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-security:2.5.2")
}
```
{% endcode %}

2. Run `gradle rewriteRun` to run the recipe.
{% endtab %}

{% tab title="Gradle init script" %}

1. Create a file named `init.gradle` in the root of your project.

{% code title="init.gradle" %}
```groovy
initscript {
    repositories {
        maven { url "https://plugins.gradle.org/m2" }
    }
    dependencies { classpath("org.openrewrite:plugin:6.11.2") }
}
rootProject {
    plugins.apply(org.openrewrite.gradle.RewritePlugin)
    dependencies {
        rewrite("org.openrewrite.recipe:rewrite-java-security:2.5.2")
    }
    rewrite {
        activeRecipe("org.openrewrite.java.security.ZipSlip")
    }
    afterEvaluate {
        if (repositories.isEmpty()) {
            repositories {
                mavenCentral()
            }
        }
    }
}
```
{% endcode %}

2. Run `gradle --init-script init.gradle rewriteRun` to run the recipe.
{% endtab %}

{% tab title="Maven POM" %}

1. Add the following to your `pom.xml` file:

{% code title="pom.xml" %}
```xml
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.27.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.java.security.ZipSlip</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-java-security</artifactId>
            <version>2.5.2</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>
```
{% endcode %}

2. Run `mvn rewrite:run` to run the recipe.
{% endtab %}

{% tab title="Maven Command Line" %}
You will need to have Maven installed on your machine before you can run the following command.

{% code title="shell" %}
```shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-security:RELEASE -Drewrite.activeRecipes=org.openrewrite.java.security.ZipSlip
```
{% endcode %}
{% endtab %}

{% tab title="Moderne CLI" %}
You will need to have configured the Moderne CLI on your machine before you can run the following command.

{% code title="shell" %}
```shell
mod run . --recipe ZipSlip
```
{% endcode %}
{% endtab %}
{% endtabs %}

## See how this recipe works across multiple open-source repositories


The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

## Contributors

Jonathan Leitschuh, Jonathan Schnéider, Knut Wannheden, Simon Verhoeven