New rule for path traversal on archive unpacking (Zip Slip)?


Tobias Gruetzmacher

Jun 8, 2018, 9:37:07 AM6/8/18
to SonarQube
Hi,

as you might know, there was an advisory recently about path traversal when unpacking archives (https://snyk.io/research/zip-slip-vulnerability). Since this seems to be a common pitfall, would it be worthwhile for SonarQube to detect those cases, for example when using the Java standard library ZipEntry?

Regards, Tobias

Nicolas Peru

Jun 8, 2018, 9:40:47 AM6/8/18
to Tobias Gruetzmacher, SonarQube
Hi Tobias,

We already took this into consideration: https://jira.sonarsource.com/browse/RSPEC-4639
It might be part of SonarSecurity at one point. 

Cheers, 

--
Important: this SonarQube Google Group will close on June 11th, 2018, in order to move to a new forum to power even more community discussions. See details in this post: https://groups.google.com/d/msg/sonarqube/BbSZz-JnhVM/DavhMueEAAAJ
--
Nicolas Peru | SonarSource