Add query for double-fetch vulnerability #8461
Conversation
|
Hi @Paul1nh0, Thanks for your PR. Unfortunately, this query seems to be a direct copy of this one: https://github.com/github/codeql/pull/8423/files#diff-c5a2ba137e4023d259d6e72897f1842088760b77f799d5ef7f4344e01b54ec38 which was submitted about an hour before yours. Are you aware of this? |
|
Hello jketema, Because I'm not that familiar with pulling request, I commit this https://github.com/github/codeql/pull/8423/files#diff-c5a2ba137e4023d259d6e72897f1842088760b77f799d5ef7f4344e01b54ec38 by mistake:( So I change another github accout(this one)to create pull request again:( |
In breif, cve-2017-5123.ql and cve-2016-6480.ql are all written by myself. I created pull request for cve-2017-5123.ql the day before yesterday, but I commit a new file cve-2016-6480.ql in the same pull request, which I'd intented to commit in a new pull request. |
|
Hi @Paul1nh0, Please understand that there's no way for me to check that your account belongs to the same individual as the one who opened the other PR. Could you leave a note while logged into to the account that made #8423 that acknowledges what you're saying? Thanks. Also, please find a way of removing the CVE-2016-6480 query from the other PR. |
OK, I'll try to delete cve_2016_6480.ql in that commit:( |
Hello, I've deleted it d4c7314 |
Thanks for your contribution, @Paul1nh0!
Here's my first round of comments. In addition to the changes/comments I've requested, I'd also appreciate it if you could:
- Restructure your contribution so that your query is located in a CWE directory instead of a CVE directory. Looking at https://access.redhat.com/security/cve/cve-2016-6480 it sounds like this particular CVE is an instance of CWE-362. So would you mind moving your query into a new
cpp/ql/experimental/Security/CWE/CWE-362directory? - Format your query so that it adheres to our formatting guidelines. You can see the style guidelines here. It also contains a link that describes how to autoformat your query so that it automatically adheres to our requirements.
|
In addition, I should also note that if you plan on participating in the bug bounty program, you should also add tests (that demonstrate that your query is working) and a qhelp file (that describes the vulnerability and the mitigation). You can read about these here: https://github.com/github/codeql/blob/main/CONTRIBUTING.md. Note that tests and qhelp aren't strictly necessary, but they'll improve the final score we assign to your submission if you choose to participate in the bug bounty program. |
|
CI is failing because the query isn't autoformatted:
|
Hello @MathiasVP , I'm sorry but I have no idea about what you mean by autoformatted? |
See my response here:
|
As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not
Hello @MathiasVP , I’m so excited that I can make a little contribution to CodeQL with your help, thank you. What a great hacking journey:) |
Add query for double-fetch vulnerability CVE-2016-6480