Add an additional taint step

ALJI Mohamed
2022-10-19 16:01:34 +01:00
parent d6fa745279
commit 25a7fcffc0


@@ -55,7 +55,7 @@ class AllTarfileOpens extends API::CallNode {
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "TarSlip" }
override predicate isSource(DataFlow::Node source) { source instanceof AllTarfileOpens }
override predicate isSource(DataFlow::Node source) { source = tarfileOpen().getACall() }
override predicate isSink(DataFlow::Node sink) {
// A sink capturing method calls to `extractall` without `members` argument.
@@ -99,6 +99,13 @@ class Configuration extends TaintTracking::Configuration {
nodeFrom = call.getObject() and
nodeTo = call
)
or
exists(DataFlow::CallCfgNode closing |
closing = API::moduleImport("contextlib").getMember("closing").getACall() and
nodeFrom = closing.getArg(0) and
nodeFrom = tarfileOpen().getACall() and
nodeTo = closing
)
}
}
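Review bot: The new `contextlib.closing` disjunct also requires `nodeFrom = tarfileOpen().getACall()`, so the step only fires when the `tarfile.open(...)` call is written directly as the argument. As far as this hunk shows, a tar object that is first assigned to a variable and then passed to `closing(...)` would not be propagated, and the query would miss that extraction. An additional taint step normally describes only the edge and leaves source matching to `isSource`, so I would drop that conjunct and keep `nodeFrom = closing.getArg(0) and nodeTo = closing`; `nodeFrom in [closing.getArg(0), closing.getArgByName("thing")]` would also cover the keyword form. A comment above the disjunct such as `// contextlib.closing(tar) returns a wrapper around tar; propagate taint from the argument to the call` and a test case for the variable-assigned form would document the intent. The head of the enclosing predicate is outside the hunk, so this assumes it is the configuration's additional taint step.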