Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value in third_party/webkit/PerformanceTests/ARES-6/Air/strip-hash.rb
Categories: Testing :: Talos, defect
Tracking: Not tracked
People: Reporter: u771097, Unassigned
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Steps to reproduce:
1. Open the file located at third_party/webkit/PerformanceTests/ARES-6/Air/strip-hash.rb.
2. Look for the usage of IO.read and IO.write with non-constant values.
3. Observe the following code snippet:

    ARGV.each {
        | filename |
        IO::write(filename, IO::read(filename).lines.reject{|v| v =~ /hash/i}.join())
    }
Actual results:
The code uses IO.read and IO.write with non-constant values, which can lead to security vulnerabilities. Specifically, if a malicious user controls the filename value, it could result in a command injection attack or arbitrary code execution.
Expected results:
The code should avoid using IO.read and IO.write for operations with non-constant values. Instead, it should use safer alternatives like File.read and File.write, which do not carry the same vulnerabilities. Additionally, input validation should be implemented to ensure all user-supplied data is sanitized before being used.

    ARGV.each {
        | filename |
        File.write(filename, File.read(filename).lines.reject{|v| v =~ /hash/i}.join())
    }
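
Added example, not part of the report or of the WebKit script: Ruby's `IO.read` and `IO.write`, when called on `IO` itself, treat a string beginning with `|` as a command to run, while the same methods called on `File` treat it only as a path. The sketch below wraps the script's loop in a hypothetical helper, `strip_hash_lines`, that also requires each argument to be an existing regular file; the sample file content is constructed.

```ruby
require "tmpdir"

# Hardened variant of the loop in strip-hash.rb (added example).
# strip_hash_lines is a hypothetical helper name, not from the original script.
def strip_hash_lines(filename)
  # Treat the argument strictly as a path: it must name an existing regular file.
  # A value such as "|something" is just a (missing) file name here.
  raise ArgumentError, "not a regular file: #{filename.inspect}" unless File.file?(filename)

  lines = File.read(filename).lines          # File.read never spawns a subprocess
  kept  = lines.reject { |v| v =~ /hash/i }  # same filter as the original script
  File.write(filename, kept.join)
  lines.length - kept.length                 # number of lines removed
end

# Runs the helper on constructed sample input in a temporary directory.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, "sample.js")
    File.write(path, "let a = 1;\n// Hash: abc\nlet b = 2;\n")
    removed = strip_hash_lines(path)
    [removed, File.read(path)]
  end
end

# Command-line use, mirroring the original script's ARGV loop.
if __FILE__ == $PROGRAM_NAME
  ARGV.each do |filename|
    begin
      puts "#{filename}: removed #{strip_hash_lines(filename)} line(s)"
    rescue ArgumentError => e
      warn e.message
    end
  end
end
```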
Comment 1•24 days ago
It looks like this is just some script a user can run to clean up some files. We never call this anywhere that I can see, and a user would be calling this manually from the command line so there shouldn't be any danger of getting invoked by an attacker.