[<Python>]: <Add shutil module sinks for path injection query> #518
Your submission is now in status Test run. For information, the evaluation workflow is the following:
github/codeql#7455: this PR has been merged.
Your submission is now in status Results analysis. For information, the evaluation workflow is the following:
Your submission is now in status Query review. For information, the evaluation workflow is the following:
Your submission is now in status Final decision. For information, the evaluation workflow is the following:
Your submission is now in status Pay. For information, the evaluation workflow is the following:
Created Hackerone report 1471622 for bounty 366791: [518] [Python]: Add shutil module sinks for path injection query
Your submission is now in status Closed. For information, the evaluation workflow is the following:
haby0 commented Jan 7, 2022 (edited)
Query PR
github/codeql#7455
Language
Python
CVE(s) ID list
CWE
CWE-022
Report
1. What is the vulnerability?
Path injection of shutil module.
2. How does the vulnerability work?
If the path is controlled by some function calls of the shutil module, it may cause malicious attacks. For example, the rmtree function will delete the specified directory. The move function will move the specified file or move the specified file to the specified location, causing the file content to leak.
3. What strategy do you use in your query to find the vulnerability?
The remote input controllable path variables are not filtered, and are directly processed by the path operation function under the shutil module.
4. What have you done to reduce the number of false positives?
Sanitizer has not been modeled yet.
5. Other information?
None.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
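The rmtree case the report describes, as an added Python example that is not part of the submission or of the CodeQL query: the unsanitized call the new sink is meant to flag, beside a form that confines the path to a base directory before it reaches the sink. The function names, the uploads/secrets layout and the inputs are constructed for the demonstration.

```python
import os
import shutil
import tempfile
from pathlib import Path

def resolve_within(base_dir: str, user_path: str) -> Path:
    """Return base_dir/user_path only if it resolves inside base_dir, else raise ValueError."""
    # Resolving first (follows symlinks, collapses '..') is what makes the containment check sound.
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes {base}: {user_path!r}") from None
    return candidate

def remove_user_dir_unsafe(base_dir: str, user_path: str) -> str:
    """The pattern the query flags: request-controlled data reaches shutil.rmtree unchecked."""
    # os.path.join passes '..' segments through and discards base_dir entirely for absolute input.
    target = os.path.join(base_dir, user_path)
    shutil.rmtree(target)
    return target

def remove_user_dir(base_dir: str, user_path: str) -> str:
    """Hardened form: the path is confined to base_dir before it reaches the sink."""
    target = resolve_within(base_dir, user_path)
    shutil.rmtree(target)
    return str(target)

def demo() -> dict:
    """Run both forms against a constructed layout: uploads/keep, uploads/doomed and a sibling secrets/."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    sibling = os.path.join(root, "secrets")
    for d in (os.path.join(base, "keep"), os.path.join(base, "doomed"), sibling):
        os.makedirs(d)
    results = {}
    remove_user_dir(base, "doomed")  # legitimate request: stays inside uploads/
    results["confined_ok"] = not os.path.exists(os.path.join(base, "doomed"))
    try:
        remove_user_dir(base, "../secrets")  # traversal attempt is rejected before the sink
        results["traversal_blocked"] = False
    except ValueError:
        results["traversal_blocked"] = os.path.exists(sibling)
    remove_user_dir_unsafe(base, "../secrets")  # same input, unsanitized sink: sibling is gone
    results["unsafe_escaped"] = not os.path.exists(sibling)
    shutil.rmtree(root)
    return results
```

Modelling resolve_within-style checks as sanitizers is what the report lists as still missing from the query.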