• Home
• io.codemodder
• core-codemods
• 0.93.0
• source code
• sanitize-apache-multipart-filename.yaml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.sanitize-apache-multipart-filename.yaml Maven / Gradle / Ivy

rules:
  - id: sanitize-apache-multipart-filename
    mode: taint
    metadata:
      options:
        symbolic_propagation: true
    pattern-sources:
      - pattern: (org.apache.commons.fileupload.FileItem $X).getName()
      - pattern: (FileItem $X).getName()
    pattern-sanitizers:
      - pattern-either:
          - pattern: Filenames.toSimpleFileName(...)
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: |
                  new $F(...,<... $SINK ...>)
              - pattern: |
                  $F(<... $SINK ...>)
              - pattern: |
                  return $SINK;
    message: Semgrep found a match
    languages:
      - java
    severity: WARNING