UserControlled/DataFromInternet file content deserialization rule
Summary:
creates a rule for new category FileContentDeserializationSink.
sources UserControlled/DataFromInternet to new sink FileContentDeserializationSink

Reviewed By: r0rshark

Differential Revision: D47438813

fbshipit-source-id: 7e56ab6cf2323807ad50eafe60d204530c59adae
saputkin authored and facebook-github-bot committed Jul 16, 2023
1 parent 1f19813 commit 2e1a2b5
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions stubs/taint/core_privacy_security/taint.config
Expand Up @@ -388,6 +388,17 @@
"CLIUserControlled"
]
},
{
"code": 5067,
"message_format": "Data from [{$sources}] source(s) may reach [{$sinks}] sink(s)",
"name": "Unsafe UserControlled file handle before content deserialization may result in RCE",
"sinks": [
"FileContentDeserializationSink"
],
"sources": [
"UserControlled"
]
},
{
"code": 6060,
"message_format": "Data from [{$sources}] source(s) may reach [{$sinks}] sink(s)",
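Review bot: The "sinks" entry of rule 5067 names FileContentDeserializationSink, but this commit touches only taint.config with 22 additions, all of which are the two rule entries, so neither a declaration of that sink nor a model tagging a callable with it is part of the change. Please confirm both already exist (the summary calls the category new); otherwise the rule has nothing to match. The "name" is also hard to parse; something like "UserControlled data reaches a file handle whose content is deserialized (possible RCE)" states the flow more directly.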
Expand Down Expand Up @@ -591,6 +602,17 @@
"DataFromInternet"
]
},
{
"code": 5367,
"message_format": "Data from [{$sources}] source(s) may reach [{$sinks}] sink(s)",
"name": "External/Internet request response data controls file handle before content deserialization may result in RCE",
"sinks": [
"FileContentDeserializationSink"
],
"sources": [
"DataFromInternet"
]
},
{
"code": 5373,
"message_format": "Data from Internet may eventually flow into a Server Side Template Injection sink",
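Review bot: Rule 5367 keeps the generic "message_format" while the neighbouring 5373 entry spells out the flow in its message. Consider a message specific to this rule, for example "Data from Internet may eventually flow into a file content deserialization sink", so a finding is readable without looking up the rule name. The "name" is a run-on ("External/Internet request response data controls file handle before content deserialization may result in RCE"); adding "which" before "may result" or shortening it would help. Apart from "sources" and "name" this entry duplicates 5067, so a short note in the summary on why the two sources get separate codes would document the intent.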