The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator
OpenAPI Generator, a popular tool with over 20k stars on GitHub, contained a complex taint-flow vulnerability that allowed arbitrary file read and deletion. The vulnerability, CVE-2024-35219, affects OpenAPI Generator versions 7.5.0 and earlier and was fixed in version 7.6.0 by pull request #18652. Taint analysis, the technique SonarQube and SonarCloud use to track untrusted input from a source to a sensitive sink, was instrumental in discovering it. The patch removes the code that concatenated attacker-controllable options into the destination folder, so a crafted option can no longer steer the generator's file operations outside its intended output directory.
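To make the vulnerable pattern concrete, here is an added example written for this page; it is not code from Sonar's article or from OpenAPI Generator itself. The option name `packageOption`, the temporary directory layout and the attacker input are constructed assumptions chosen for illustration, not the actual parameter or path the CVE abused. The block shows the unsafe string concatenation of an untrusted option into an output folder, the arbitrary read and delete that follow from it, and a hardened variant that normalizes the resolved path and requires it to stay inside the base directory.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class OutputDirTraversalDemo {

    // Vulnerable pattern: an attacker-controllable generator option is
    // string-concatenated into the destination folder with no containment
    // check, so "../" segments in the option walk out of the output directory.
    static Path vulnerableOutputPath(Path outputDir, String packageOption) {
        return Paths.get(outputDir.toString() + File.separator + packageOption);
    }

    // Hardened pattern: resolve against the base, normalize away "." and "..",
    // then require that the result is still inside the base directory.
    static Path safeOutputPath(Path outputDir, String packageOption) {
        Path base = outputDir.toAbsolutePath().normalize();
        Path candidate = base.resolve(packageOption).normalize();
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException(
                "option escapes the output directory: " + packageOption);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a sandbox holding a file the generator must not
        // touch, and the generator's own output directory next to it.
        Path sandbox = Files.createTempDirectory("openapi-demo");
        Path secret = sandbox.resolve("secret.txt");
        Files.writeString(secret, "not for the generator");
        Path outputDir = Files.createDirectories(sandbox.resolve("output"));

        // Constructed attacker input: a traversal sequence inside the option.
        String attackerOption = "../secret.txt";

        Path target = vulnerableOutputPath(outputDir, attackerOption);
        System.out.println("vulnerable path resolves to: " + target.normalize());
        // Arbitrary file read: the generator reads from the attacker's path.
        System.out.println("contents read: " + Files.readString(target));
        // Arbitrary file deletion: a generator that clears its output location
        // before writing removes the attacker's path instead.
        Files.deleteIfExists(target);
        System.out.println("secret still exists: " + Files.exists(secret));

        // The same input against the hardened version is rejected ...
        try {
            safeOutputPath(outputDir, attackerOption);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened version rejected: " + e.getMessage());
        }
        // ... while a legitimate package path is accepted.
        System.out.println("hardened version accepted: "
            + safeOutputPath(outputDir, "com/example/client"));
    }
}
```

Two details matter in the hardened version: `normalize()` must run before `startsWith`, otherwise `output/../secret.txt` still "starts with" the base textually, and `Path.resolve` returns its argument unchanged when that argument is absolute, so an option such as `/etc/passwd` also needs the containment check rather than mere concatenation to be caught.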
Company: Sonar
Date published: Oct. 22, 2024
Author(s): Stefan Schiller
Word count: 1401
Language: English