Update ZipSlip.qll

2026-05-01 03:35:13 +02:00 · 2022-03-08 23:59:03 +01:00
parent 23bd53a325
commit 27b9d6c752
1 changed files with 5 additions and 2 deletions
--- a/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
+++ b/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
@@ -9,8 +9,11 @@ class ZipSlipConfig extends TaintTracking::Configuration {
  override predicate isSource(DataFlow::Node source) { 
    source = API::moduleImport("zipfile").getMember("ZipFile").getACall() or 
    source = API::moduleImport("tarfile").getMember("open").getACall() or 
-    source = API::moduleImport("gzip").getMember("open").getACall() or 
-    source = API::moduleImport("bz2").getMember("open").getACall() 
+    source = API::moduleImport("tarfile").getMember("TarFile").getACall() or  
+    source = API::moduleImport("bz2").getMember("open").getACall() or
+    source = API::moduleImport("bz2").getMember("BZ2File").getACall() or 
+    source = API::moduleImport("gzip").getMember("GzipFile").getACall() or
+    source = API::moduleImport("gzip").getMember("open").getACall() 
  }
  
  override predicate isSink(DataFlow::Node sink) {