Closed dmajda closed 12 years ago
```
medium CWE-000 sudo
# man unzip: -: option allows ../ in archived file path, dir traversal
medium CWE-23,CWE-88 [^\w]unzip\s+[^(=|&)]
high CWE-23,CWE-88 unzip.*\-\:
# man tar
medium CWE-88 [^\w]tar\s+
high CWE-88 tar.*\-\-to\-command
high CWE-88 tar.*\-\-rmt\-command
# http://www.unix.com/302279785-post3.html tar --rsh-command=`which ssh` -zcvf remote_host:filename.tar.gz -- directory_to_tar
high CWE-88 tar.*\-\-rsh\-command
```
Ported in SystemTools::SudoCheck, SystemTools::UnzipCheck, SystemTools::TarCheck and SystemTools::TarCommandsCheck.
@LTe One thing I noted is that build_pattern_exec_command does not check for spawn — it should probably be extended.
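As an added example (not code from the scanner or its author), the rule lines from this issue expressed as a small Ruby rule table and run over constructed source lines; the exec-call gate is a hypothetical stand-in for build_pattern_exec_command and includes spawn, as suggested above. The constant names, the EXEC_CALL regex and the sample source are assumptions.

```ruby
# Added example, not the scanner's own code: the rule lines from
# rules/10_info_special_tools.rule as a Ruby rule table, matched only on
# lines that hand a string to an exec-like call (spawn included).
SEVERITY_RANK = { 'info' => 0, 'medium' => 1, 'high' => 2 }.freeze

SPECIAL_TOOL_RULES = [
  # severity, CWE ids, pattern (taken from the rule file), note
  ['medium', 'CWE-000',       /sudo/,                  'sudo invocation'],
  ['medium', 'CWE-23,CWE-88', /[^\w]unzip\s+[^(=|&)]/, 'unzip invocation'],
  ['high',   'CWE-23,CWE-88', /unzip.*\-\:/,           'unzip -: allows ../ in archived paths'],
  ['medium', 'CWE-88',        /[^\w]tar\s+/,           'tar invocation'],
  ['high',   'CWE-88',        /tar.*\-\-to\-command/,  'tar --to-command executes a command'],
  ['high',   'CWE-88',        /tar.*\-\-rmt\-command/, 'tar --rmt-command executes a command'],
  ['high',   'CWE-88',        /tar.*\-\-rsh\-command/, 'tar --rsh-command executes a command'],
  ['info',   'CWE-000',       /(GPG|Gpg|gpg|GpgKey)/,  'GPG usage'],
].freeze

# Hypothetical stand-in for build_pattern_exec_command: Ruby calls that run a
# command string. spawn and Process.spawn are included deliberately.
EXEC_CALL = /\b(?:system|exec|spawn|Process\.spawn|IO\.popen)\s*\(?\s*["']|`/

# Returns an array of findings ({severity:, cwe:, note:}) for one source line.
def scan_line(line)
  return [] unless line.match?(EXEC_CALL)
  SPECIAL_TOOL_RULES.select { |_, _, re, _| line.match?(re) }
                    .map { |sev, cwes, _, note| { severity: sev, cwe: cwes, note: note } }
end

# Scans a whole source string; returns { line_number => findings } for hits only.
def scan_source(src)
  src.lines.each_with_index.each_with_object({}) do |(line, i), out|
    hits = scan_line(line)
    out[i + 1] = hits unless hits.empty?
  end
end

# Highest severity among a line's findings, or nil when there are none.
def worst_severity(findings)
  findings.map { |f| f[:severity] }.max_by { |s| SEVERITY_RANK[s] }
end

# Constructed sample: #{...} stays literal because the heredoc is single-quoted.
SAMPLE_SOURCE = <<~'RUBY'
  system("unzip -: #{params[:archive]}")
  spawn("tar --to-command=/bin/sh -xf #{path}")
  Process.spawn("tar -xzf #{path}")
  puts "tar --rsh-command is only mentioned in a log message"
  `gpg --verify #{sig}`
RUBY
```

Line 4 of the sample produces no finding because no exec-like call is present, which is the gate the rule-file patterns alone do not provide.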
```
info CWE-000 (GPG|Gpg|gpg|GpgKey)
```
Ported in SystemTools::GpgUsageCheck.
@LTe We discussed this already in #75. Assuming that the intention was to detect all uses of GPG, what about generalizing this check a bit? My idea:

1. build_pattern_exec_command
2. .gpg
3. .GPG, Gpg and GpgKey

Checks 2. and 3. would cover the libraries you mentioned in #75.
All issues resolved, closing.
We need to port patterns from the rules/10_info_special_tools.rule file from the old scanner: