id: tar-extraction

info:
  name: Path Injection Vulnerability in TAR Extraction
  author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
  severity: info
  description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
  tags: file,nodejs
file:
  - extensions:
      - all
    matchers:
      - type: regex
        regex:
          - "require\\('tar-stream'\\)"
          - "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
          - "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
          - "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
        condition: or
# digest: 4a0a00473045022100f8dfeaaf606976931effe9fe032866cd4afcff3989fbc9caa38ad9fbbfa634da02201e46d8c4d5b9b19945f9376512be2ccbfcce5f35a22297845e97d8c1bfabd10b:922c64590222798bb761d5b6d8e72950