Skip to content

Commit cd3662c

Browse files
JLLeitschuhJLLeitschuh
committed
Cleanup after rebase on main 
1 parent 3a50253 commit cd3662c

File tree

2 files changed

+14
-10
lines changed

2 files changed

+14
-10
lines changed

java/ql/lib/semmle/code/java/security/TempFileLib.qll

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
/** Provides classes to reason about temporary directory vulnerabilities. */
22

33
import java
4-
import semmle.code.java.dataflow.ExternalFlow
54

65
/**
76
* A `java.io.File::createTempFile` method.
@@ -22,12 +21,3 @@ class MethodFileCreatesDirs extends Method {
2221
this.hasName(["mkdir", "mkdirs"])
2322
}
2423
}
25-
26-
private class TemporaryFileFlow extends SummaryModelCsv {
27-
override predicate row(string row) {
28-
// qualifier to return
29-
row =
30-
"java.io;File;true;" + ["getAbsoluteFile", "getCanonicalFile"] +
31-
";;;Argument[-1];ReturnValue;taint"
32-
}
33-
}

java/ql/test/query-tests/security/CWE-378/semmle/tests/TempDirHijackingVulnerability.expected

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,12 @@ edges
8888
| Test.java:299:9:299:15 | workDir : File | Test.java:300:24:300:30 | workDir : File |
8989
| Test.java:300:24:300:30 | workDir : File | Test.java:304:32:304:40 | file : File |
9090
| Test.java:304:32:304:40 | file : File | Test.java:306:14:306:17 | file |
91+
| Test.java:312:21:312:66 | new File(...) : File | Test.java:314:65:314:68 | temp : File |
92+
| Test.java:312:30:312:65 | getProperty(...) : String | Test.java:312:21:312:66 | new File(...) : File |
93+
| Test.java:314:24:314:69 | createTempFile(...) : File | Test.java:315:23:315:29 | workDir : File |
94+
| Test.java:314:65:314:68 | temp : File | Test.java:314:24:314:69 | createTempFile(...) : File |
95+
| Test.java:315:23:315:29 | workDir : File | Test.java:315:23:315:29 | workDir : File |
96+
| Test.java:315:23:315:29 | workDir : File | Test.java:316:9:316:15 | workDir |
9197
nodes
9298
| Test.java:11:20:11:59 | createTempFile(...) : File | semmle.label | createTempFile(...) : File |
9399
| Test.java:12:13:12:16 | temp : File | semmle.label | temp : File |
@@ -196,6 +202,13 @@ nodes
196202
| Test.java:300:24:300:30 | workDir : File | semmle.label | workDir : File |
197203
| Test.java:304:32:304:40 | file : File | semmle.label | file : File |
198204
| Test.java:306:14:306:17 | file | semmle.label | file |
205+
| Test.java:312:21:312:66 | new File(...) : File | semmle.label | new File(...) : File |
206+
| Test.java:312:30:312:65 | getProperty(...) : String | semmle.label | getProperty(...) : String |
207+
| Test.java:314:24:314:69 | createTempFile(...) : File | semmle.label | createTempFile(...) : File |
208+
| Test.java:314:65:314:68 | temp : File | semmle.label | temp : File |
209+
| Test.java:315:23:315:29 | workDir : File | semmle.label | workDir : File |
210+
| Test.java:315:23:315:29 | workDir : File | semmle.label | workDir : File |
211+
| Test.java:316:9:316:15 | workDir | semmle.label | workDir |
199212
subpaths
200213
#select
201214
| Test.java:13:13:13:16 | temp | Test.java:11:20:11:59 | createTempFile(...) : File | Test.java:13:13:13:16 | temp | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:12:13:12:16 | temp | delete here | Test.java:18:9:18:33 | ...=... | here |
@@ -211,3 +224,4 @@ subpaths
211224
| Test.java:263:9:263:12 | file | Test.java:254:30:254:65 | getProperty(...) : String | Test.java:263:9:263:12 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:257:9:257:15 | workDir | delete here | Test.java:259:16:259:22 | workDir | here |
212225
| Test.java:292:9:292:12 | file | Test.java:282:30:282:65 | getProperty(...) : String | Test.java:292:9:292:12 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:285:9:285:15 | workDir | delete here | Test.java:287:16:287:22 | workDir | here |
213226
| Test.java:306:14:306:17 | file | Test.java:296:30:296:65 | getProperty(...) : String | Test.java:306:14:306:17 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:299:9:299:15 | workDir | delete here | Test.java:301:16:301:22 | workDir | here |
227+
| Test.java:316:9:316:15 | workDir | Test.java:312:30:312:65 | getProperty(...) : String | Test.java:316:9:316:15 | workDir | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:315:23:315:29 | workDir | delete here | Test.java:317:16:317:22 | workDir | here |

0 commit comments

Comments
 (0)