fix dll hijacking

DataDog · Jan 13, 2025 · 0e3142f · 0e3142f
1 parent 5b70b79
commit 0e3142f
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/guarddog/analyzer/sourcecode/dll-hijacking.yml b/guarddog/analyzer/sourcecode/dll-hijacking.yml
@@ -62,11 +62,17 @@ rules:
       - patterns:
         # write a library to disk
         - patterns:
-            - pattern: |
-                ...
-                open($DLL,'wb')
-                ...
-                $FN(...,$EXE,...)
+            - pattern-either:
+              - pattern: |
+                  ...
+                  with open($DLL,'wb') as $FILE:
+                    ...
+                  $FN(...,$EXE,...)
+              - pattern: |
+                  ...
+                  $FILE = open($DLL,'wb')
+                  ...
+                  $FN(...,$EXE,...)
             - metavariable-pattern:
                 metavariable: $EXE
                 patterns:
@@ -82,5 +88,3 @@ rules:
             - focus-metavariable: $DLL
 
     severity: WARNING
-    options:
-      symbolic_propagation: true