
Commit a674dbb

committed
JavaScript: Update docstrings to reflect generalization.
1 parent 6589813 commit a674dbb


1 file changed

+11
-10
lines changed

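--- a/javascript/ql/src/semmle/javascript/security/dataflow/ZipSlip.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/ZipSlip.qll
@@ -1,31 +1,32 @@
 /**
-* Provides a taint tracking configuration for reasoning about unsafe zip extraction.
+* Provides a taint tracking configuration for reasoning about unsafe
+* zip and tar archive extraction.
 */
 
 import javascript
 
 module ZipSlip {
 /**
-* A data flow source for unsafe zip extraction.
+* A data flow source for unsafe archive extraction.
 */
 abstract class Source extends DataFlow::Node { }
 
 /**
-* A data flow sink for unsafe zip extraction.
+* A data flow sink for unsafe archive extraction.
 */
 abstract class Sink extends DataFlow::Node { }
 
 /**
-* A sanitizer for unsafe zip extraction.
+* A sanitizer for unsafe archive extraction.
 */
 abstract class Sanitizer extends DataFlow::Node { }
 
 /**
-* A sanitizer guard for unsafe zip extraction.
+* A sanitizer guard for unsafe archive extraction.
 */
 abstract class SanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { }
 
-/** A taint tracking configuration for unsafe zip extraction. */
+/** A taint tracking configuration for unsafe archive extraction. */
 class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "ZipSlip" }
 
@@ -41,7 +42,7 @@ module ZipSlip {
 }
 
 /**
-* Gets a node that can be a parsed zip archive.
+* Gets a node that can be a parsed archive.
 */
 private DataFlow::SourceNode parsedArchive() {
 result = DataFlow::moduleImport("unzip").getAMemberCall("Parse")
@@ -61,7 +62,7 @@ module ZipSlip {
 /** Gets a property that is used to get the filename part of an archive entry. */
 private string getAFilenameProperty() { result = "path" or result = "name" }
 
-/** A zip archive entry path access, as a source for unsafe zip extraction. */
+/** An archive entry path access, as a source for unsafe archive extraction. */
 class UnzipEntrySource extends Source {
 // For example, in
 // ```javascript
@@ -84,7 +85,7 @@ module ZipSlip {
 }
 }
 
-/** A call to `fs.createWriteStream`, as a sink for unsafe zip extraction. */
+/** A call to `fs.createWriteStream`, as a sink for unsafe archive extraction. */
 class CreateWriteStreamSink extends Sink {
 CreateWriteStreamSink() {
 // This is not covered by `FileSystemWriteSink`, because it is
@@ -96,7 +97,7 @@ module ZipSlip {
 }
 }
 
-/** A file path of a file write, as a sink for unsafe zip extraction. */
+/** A file path of a file write, as a sink for unsafe archive extraction. */
 class FileSystemWriteSink extends Sink {
 FileSystemWriteSink() { exists(FileSystemWriteAccess fsw | fsw.getAPathArgument() = this) }
 }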
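Review bot: The docstring on `parsedArchive()` (new line 45) now reads `Gets a node that can be a parsed archive.`, which no longer tells a query user which parsers are modelled; the only one visible in this hunk is `unzip`'s `Parse`, and the predicate body continues outside it. Since the file header limits the scope to zip and tar, I would keep that scope here too, e.g. `* Gets a node that can be a parsed zip or tar archive, as produced by one of the parser libraries modelled below.` The same applies to `UnzipEntrySource` (new line 65), whose name stays zip-specific: a short remark in its docstring that it also covers non-zip entries, if that is the case, would keep readers from assuming tar entry paths are not tracked.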
