fix ftp protocol regexp

erik-krogh · erik-krogh · commit 9780fcf8fe38 · 2020-06-12T10:54:56.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownloadCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsecureDownloadCustomizations.qll
@@ -34,7 +34,7 @@ module UnsecureDownload {
   class SensitiveFileUrl extends Source {
     SensitiveFileUrl() {
       exists(string str | str = this.getStringValue() |
-        str.regexpMatch("http://.*|ftp://.'") and
+        str.regexpMatch("http://.*|ftp://.*") and
         exists(string suffix | suffix = unsafeExtension() |
           str.suffix(str.length() - suffix.length() - 1).toLowerCase() = "." + suffix
         )
diff --git a/javascript/ql/test/query-tests/Security/CWE-829/unsecure-download.js b/javascript/ql/test/query-tests/Security/CWE-829/unsecure-download.js
@@ -37,4 +37,6 @@ function baz() {
     cp.exec("curl " + url, function () {}); // NOT OK
 
     cp.execFile("curl", [url], function () {}); // NOT OK
+
+    nugget("ftp://example.org/unsafe.APK") // NOT OK
 }

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ module UnsecureDownload {`
`34`	`34`	`class SensitiveFileUrl extends Source {`
`35`	`35`	`SensitiveFileUrl() {`
`36`	`36`	`exists(string str \| str = this.getStringValue() \|`
`37`		`- str.regexpMatch("http://.*\|ftp://.'") and`
	`37`	`+ str.regexpMatch("http://.\|ftp://.") and`
`38`	`38`	`exists(string suffix \| suffix = unsafeExtension() \|`
`39`	`39`	`str.suffix(str.length() - suffix.length() - 1).toLowerCase() = "." + suffix`
`40`	`40`	`)`
Original file line number	Diff line number	Diff line change
`@@ -37,4 +37,6 @@ function baz() {`
`37`	`37`	`cp.exec("curl " + url, function () {}); // NOT OK`
`38`	`38`
`39`	`39`	`cp.execFile("curl", [url], function () {}); // NOT OK`
	`40`	`+`
	`41`	`+ nugget("ftp://example.org/unsafe.APK") // NOT OK`
`40`	`42`	`}`