github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[python]: Add some dangerous sinks for paramiko ssh clients #730

Closed am0o0 closed 1 year ago

am0o0 commented 1 year ago

Query PR

https://github.com/github/codeql/pull/12220

Language

Python

CVE(s) ID list

CWE

CWE-74

Report

  1. The vulnerability can be an RCE or command injection.
  2. Untrusted or not perfectly sanitized remote/local input from users can lead to command execution.
  3. I added some additional sinks and taint tracking steps for the paramiko library.
  4. I think we won't see many false positives, but I can add some rules as sanitizers in this taint tracking class.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

A series of Blog posts will be forthcoming soon!
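The report above treats paramiko's SSH client calls (`SSHClient.exec_command` takes a string that the remote login shell parses) as command-injection sinks. The following Python is an added illustration, not code from this submission or from the CodeQL pull request: it shows the vulnerable "before" pattern beside a hardened one, and tokenises the resulting command string roughly the way a POSIX shell would so the injected command boundary is visible. The function names, the `ls -l` command and the attacker-style input are assumptions of this example; the `client` argument of `run_remote_ls` is assumed to be an already-connected `paramiko.SSHClient`, which is why paramiko itself is not imported.

```python
import re
import shlex
from typing import List

# Constructed attacker-style input (not taken from any real report): the value
# tries to end the intended command with ';' and chain a second one.
UNTRUSTED_PATH = "/var/log; id"

# Shell operators that start a new command or pipeline when unquoted.
COMMAND_SEPARATORS = {";", "&&", "||", "|", "&"}

# Hypothetical allowlist for this example: plain absolute paths only.
SAFE_PATH_RE = re.compile(r"^/[A-Za-z0-9_./-]*$")


def build_command_unsafe(path: str) -> str:
    """'Before' form: the untrusted value is spliced straight into the command
    string that will be handed to SSHClient.exec_command(). The remote shell
    parses that string, so a ';' inside the value starts a second command."""
    return "ls -l " + path


def build_command_quoted(path: str) -> str:
    """Hardened form: shlex.quote() wraps the value in single quotes (escaping
    any embedded single quotes), so the remote shell sees exactly one argument
    no matter which metacharacters the value contains."""
    return "ls -l " + shlex.quote(path)


def validate_path(path: str) -> str:
    """Defence in depth on top of quoting: reject anything that is not a plain
    absolute path, including '..' components. Returns the path unchanged if it
    passes, raises ValueError otherwise."""
    if not SAFE_PATH_RE.match(path) or ".." in path.split("/"):
        raise ValueError(f"rejected path: {path!r}")
    return path


def shell_tokens(command: str) -> List[str]:
    """Tokenise a command string the way a POSIX shell would, keeping ';', '|',
    '&&' and friends as separate tokens so command boundaries are visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # split only on whitespace and punctuation
    return list(lexer)


def injected_separators(command: str) -> List[str]:
    """List the command separators a shell would honour in `command`. For a
    correctly quoted command built from a single argument this is empty."""
    return [tok for tok in shell_tokens(command) if tok in COMMAND_SEPARATORS]


def run_remote_ls(client, path: str):
    """Hardened use of paramiko (assumed call site, not from the page): the only
    string reaching exec_command() is validated and quoted. `client` must be a
    connected paramiko.SSHClient; exec_command returns (stdin, stdout, stderr)."""
    command = build_command_quoted(validate_path(path))
    _, stdout, stderr = client.exec_command(command)
    return stdout.read().decode(), stderr.read().decode()


if __name__ == "__main__":
    for label, builder in (("unsafe", build_command_unsafe),
                           ("quoted", build_command_quoted)):
        cmd = builder(UNTRUSTED_PATH)
        print(f"{label:7}: {cmd!r}")
        print(f"         tokens={shell_tokens(cmd)} "
              f"separators={injected_separators(cmd)}")
```

The tokeniser is only a model of how the remote shell will read the string; the point it makes is that in the unsafe form `;` becomes its own token followed by `id`, while in the quoted form the whole untrusted value is a single token. Quoting alone still lets a caller list any path, which is why `run_remote_ls` also applies the allowlist before building the command.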

ghsecuritylab commented 1 year ago

Your submission is now in status Results analysis.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

ghsecuritylab commented 1 year ago

Your submission is now in status Query review.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

ghsecuritylab commented 1 year ago

Your submission is now in status Final decision.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

xcorail commented 1 year ago

Hey @amammad can you please provide a public email, or send me one privately?

am0o0 commented 1 year ago

> Hey @amammad can you please provide a public email, or send me one privately?

Hi @xcorail, I sent my email to your account in the GitHub Security Lab Slack group. Should I send it another way?

ghsecuritylab commented 1 year ago

Your submission is now in status Pay.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

xcorail commented 1 year ago

Created Hackerone report 1971611 for bounty 477451 : [730] [python]: Add some dangerous sinks for paramiko ssh clients

ghsecuritylab commented 1 year ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed