ZipArchive zip = new(zipStream);
foreach (ZipArchiveEntry entry in zip.Entries)
{
- string extractedFilePath = Path.Combine(expandedDirPath, entry.FullName);
+ string extractedFilePath = Path.GetFullPath(Path.Combine(expandedDirPath, entry.FullName));
+ string fullExtractedDirPath = Path.GetFullPath(expandedDirPath + Path.DirectorySeparatorChar);
+ if (!extractedFilePath.StartsWith(fullExtractedDirPath))
+ {
+ throw new InvalidDataException("Entry is outside of the target dir: " + entry.FullName);
+ }
Directory.CreateDirectory(Path.GetDirectoryName(extractedFilePath));
using (Stream zipFileStream = entry.Open())
{
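Review bot: The containment test on the added `StartsWith` line uses the culture-sensitive overload, so the prefix match follows current-culture collation rules (ignorable characters, for example) instead of comparing the path characters exactly. For a path-traversal guard the comparison should be ordinal: `if (!extractedFilePath.StartsWith(fullExtractedDirPath, StringComparison.Ordinal))`. `fullExtractedDirPath` does not depend on the entry, so it can also be computed once before the `foreach`. The loop body continues past the end of this hunk.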
if ((flags & KeyTypeFlags.IdentityKey) != 0)
{
#pragma warning disable CA5350 // Do Not Use Weak Cryptographic Algorithms
+ // CodeQL [SM02196] SSQP protocol requires the use of SHA1 and this doesn't constitute a security boundary.
byte[] hash = SHA1.Create().ComputeHash(_file.Stream);
#pragma warning restore CA5350 // Do Not Use Weak Cryptographic Algorithms
yield return GetKey(_file.FileName, hash);
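Review bot: The added suppression comment says the SHA-1 use is not a security boundary but does not say what the hash is used for, which a later reader needs in order to keep that true. From the visible lines the digest is passed to `GetKey` together with the file name, so it appears to serve as a lookup key. The comment could say so, e.g. `// The SHA1 digest is only the SSQP lookup key for this file; a key match is not proof of content integrity.` The enclosing iterator starts and ends outside the hunk.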
*pDisplacement = 0;
UINT nCount = 0;
- if (HRESULT hr = get_FrameCount(&nCount))
+ HRESULT hr;
+ if (FAILED(hr = get_FrameCount(&nCount)))
{
return hr;
}
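Review bot: Moving from a truthiness test to `FAILED(...)` changes how non-zero success codes are handled: the old `if (HRESULT hr = get_FrameCount(&nCount))` returned S_FALSE and similar codes to the caller, while the new code falls through with `nCount` possibly still 0. The rest of the function is outside the hunk, so confirm that the code after the check bounds any index against `nCount`. The same applies to the `get_InnerExceptionCount` hunk and the second `get_FrameCount` hunk. As a style point, separating the call from the test reads more clearly than an assignment inside the macro argument, `HRESULT hr = get_FrameCount(&nCount);` followed by `if (FAILED(hr))`; the last hunk also writes `hr=` without the space.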
HRESULT hr;
USHORT nCount = 0;
- if (hr = get_InnerExceptionCount(&nCount))
+ if (FAILED(hr = get_InnerExceptionCount(&nCount)))
{
return hr;
}
TraceError("ClrmaException::GetStackFrames GetObjectData(%016llx) FAILED %08x\n", m_exceptionData.StackTrace, hr);
return hr;
}
-
+
if (arrayObjData.ObjectType != OBJ_ARRAY || arrayObjData.dwNumComponents == 0)
{
TraceError("ClrmaException::GetStackFrames StackTrace not array or empty\n");
*pDisplacement = 0;
UINT nCount = 0;
- if (HRESULT hr = get_FrameCount(&nCount))
+ HRESULT hr;
+ if (FAILED(hr= get_FrameCount(&nCount)))
{
return hr;
}