hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql

Browse Source 
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
This commit is contained in:
Sim4n6
2023-01-25 19:44:28 +01:00
committed by GitHub
parent 10d6ebf95b
commit 0ed480855a
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
View File

@@ -69,8 +69,7 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
// Writing the response data to the archive // Writing the response data to the archive
exists(Stdlib::FileLikeObject::InstanceSource is, Node f, MethodCallNode mc | exists(Stdlib::FileLikeObject::InstanceSource is, Node f, MethodCallNode mc |
is.flowsTo(f) and is.flowsTo(f) and
mc.getMethodName() = "write" and mc.calls(f, "write")
f = mc.getObject() and
nodeFrom = mc.getArg(0) and nodeFrom = mc.getArg(0) and
nodeTo = is.(CallCfgNode).getArg(0) nodeTo = is.(CallCfgNode).getArg(0)
) )