Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql

Yes, definitely Co-authored-by: yoff <lerchedahl@gmail.com>
2025-12-21 11:16:30 +01:00 · 2023-01-25 19:44:28 +01:00
parent 10d6ebf95b
commit 0ed480855a
1 changed files with 1 additions and 2 deletions
--- a/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
+++ b/python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
@@ -69,8 +69,7 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
    // Writing the response data to the archive
    exists(Stdlib::FileLikeObject::InstanceSource is, Node f, MethodCallNode mc |
      is.flowsTo(f) and
-      mc.getMethodName() = "write" and
-      f = mc.getObject() and
+      mc.calls(f, "write")
      nodeFrom = mc.getArg(0) and
      nodeTo = is.(CallCfgNode).getArg(0)
    )