clean up unused vars,fix tests

python/ql/src/experimental/Security/CWE-409/DecompressionBombs.ql

@@ -36,8 +36,7 @@ predicate isAdditionalTaintStepTextIOWrapper(DataFlow::Node nodeFrom, DataFlow::
   |
     nodeFrom = textIOWrapper.getParameter(0, "input").asSink() and
     nodeTo = textIOWrapper
-  ) and
-  exists(nodeTo.getLocation().getFile().getRelativePath())
+  )
 }
 
 module FileAndFormRemoteFlowSource {
@@ -62,7 +61,7 @@ module FileAndFormRemoteFlowSource {
         fastApiUploadFile =
           fastApiParam.asSource().asExpr().(Parameter).getAnnotation().getASubExpression*() and
         // Multiple Uploaded files as list of fastapi.UploadFile
-        exists(For f, Attribute attr, DataFlow::Node a, DataFlow::Node b |
+        exists(For f, Attribute attr |
           fastApiParam.getAValueReachableFromSource().asExpr() = f.getIter().getASubExpression*()
         |
           TaintTracking::localExprTaint(f.getIter(), attr.getObject()) and
@@ -80,11 +79,10 @@ module FileAndFormRemoteFlowSource {
                 .getReturn()
                 .asSource(), fastApiParam.getMember("read").getReturn().asSource()
           ]
-      ) and
-      exists(this.getLocation().getFile().getRelativePath())
+      )
     }
 
-    override string getSourceType() { result = "HTTP FORM" }
+    override string getSourceType() { result = "fastapi HTTP FORM files" }
   }
 }
 

python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected

@@ -1,258 +1,125 @@
 edges
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:9:27:9:36 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:11:15:11:24 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:12:19:12:28 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:14:15:14:24 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:15:19:15:28 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:17:20:17:29 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:23:14:23:23 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:24:17:24:26 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:27:40:27:49 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:29:23:29:32 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:30:21:30:30 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:32:40:32:49 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:33:22:33:31 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:34:21:34:30 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:35:42:35:51 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:36:23:36:32 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:37:36:37:45 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:53:10:53:19 | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:53:10:53:19 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input |
-| file:///usr/lib/python3.10/zipfile.py:344:24:344:31 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:351:24:351:44 | ControlFlowNode for Subscript |
-| file:///usr/lib/python3.10/zipfile.py:344:24:344:31 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:358:25:358:32 | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:351:24:351:44 | ControlFlowNode for Subscript | file:///usr/lib/python3.10/zipfile.py:358:25:358:32 | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:358:25:358:32 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:358:9:358:12 | [post] ControlFlowNode for self [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file | file:///usr/lib/python3.10/zipfile.py:1258:23:1258:26 | ControlFlowNode for file |
-| file:///usr/lib/python3.10/zipfile.py:1258:13:1258:16 | [post] ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1259:13:1259:16 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1258:23:1258:26 | ControlFlowNode for file | file:///usr/lib/python3.10/zipfile.py:1258:13:1258:16 | [post] ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1259:13:1259:16 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1260:9:1260:12 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1260:9:1260:12 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1261:9:1261:12 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1261:9:1261:12 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1262:9:1262:12 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1262:9:1262:12 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1263:9:1263:12 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1263:9:1263:12 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1263:9:1263:12 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1328:14:1328:17 | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1328:14:1328:17 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1328:14:1328:20 | ControlFlowNode for Attribute |
-| file:///usr/lib/python3.10/zipfile.py:1328:14:1328:20 | ControlFlowNode for Attribute | file:///usr/lib/python3.10/zipfile.py:1376:25:1376:32 | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:1376:17:1376:33 | ControlFlowNode for ZipInfo() [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1377:13:1377:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1376:25:1376:32 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:344:24:344:31 | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:1376:25:1376:32 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:1376:17:1376:33 | ControlFlowNode for ZipInfo() [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1377:13:1377:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1378:13:1378:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1378:13:1378:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1379:13:1379:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1379:13:1379:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1388:13:1388:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1388:13:1388:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1389:13:1389:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1389:13:1389:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1393:13:1393:13 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1393:13:1393:13 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1394:34:1394:34 | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1394:13:1394:25 | [post] ControlFlowNode for Attribute [List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1394:13:1394:16 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1394:34:1394:34 | ControlFlowNode for x [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1394:13:1394:25 | [post] ControlFlowNode for Attribute [List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1410:18:1410:21 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1413:16:1413:19 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1413:16:1413:19 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1413:16:1413:28 | ControlFlowNode for Attribute [List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1617:23:1617:28 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1628:16:1628:54 | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1662:31:1662:36 | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1662:31:1662:36 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1671:19:1671:24 | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1671:19:1671:24 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1671:19:1671:33 | ControlFlowNode for Attribute |
-| file:///usr/lib/python3.10/zipfile.py:1671:19:1671:33 | ControlFlowNode for Attribute | file:///usr/lib/python3.10/zipfile.py:1677:19:1677:48 | ControlFlowNode for Subscript |
-| file:///usr/lib/python3.10/zipfile.py:1677:19:1677:48 | ControlFlowNode for Subscript | file:///usr/lib/python3.10/zipfile.py:1679:42:1679:42 | SSA variable x |
-| file:///usr/lib/python3.10/zipfile.py:1679:36:1680:65 | ControlFlowNode for GeneratorExp | file:///usr/lib/python3.10/zipfile.py:1696:20:1696:29 | ControlFlowNode for targetpath |
-| file:///usr/lib/python3.10/zipfile.py:1679:36:1680:65 | ControlFlowNode for GeneratorExp | file:///usr/lib/python3.10/zipfile.py:1702:16:1702:25 | ControlFlowNode for targetpath |
-| file:///usr/lib/python3.10/zipfile.py:1679:42:1679:42 | SSA variable x | file:///usr/lib/python3.10/zipfile.py:1679:36:1680:65 | ControlFlowNode for GeneratorExp |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:8:5:8:54 | ControlFlowNode for Attribute() |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:9:5:9:54 | ControlFlowNode for Attribute() |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:10:5:10:56 | ControlFlowNode for Attribute() |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:11:5:11:49 | ControlFlowNode for Attribute() |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:12:5:12:59 | ControlFlowNode for Attribute() |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | tarfile_module.py:13:5:13:51 | ControlFlowNode for Attribute() |
-| tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:30:17:30:22 | ControlFlowNode for bar_id |
-| tarfile_module.py:30:17:30:22 | ControlFlowNode for bar_id | tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path |
-| zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path | zipfile_module.py:11:5:11:57 | ControlFlowNode for Attribute() |
-| zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path | zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path |
-| zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path | zipfile_module.py:15:5:15:38 | ControlFlowNode for Attribute() |
-| zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path | zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() |
-| zipfile_module.py:12:18:12:47 | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] | zipfile_module.py:17:24:17:33 | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file |
-| zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path | zipfile_module.py:12:18:12:47 | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:17:24:17:33 | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1410:18:1410:21 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:17:24:17:33 | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] | zipfile_module.py:17:24:17:44 | ControlFlowNode for Attribute() [List element, Attribute filename] |
-| zipfile_module.py:17:24:17:44 | ControlFlowNode for Attribute() [List element, Attribute filename] | zipfile_module.py:17:24:17:47 | ControlFlowNode for Subscript [Attribute filename] |
-| zipfile_module.py:17:24:17:47 | ControlFlowNode for Subscript [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1617:23:1617:28 | ControlFlowNode for member [Attribute filename] |
-| zipfile_module.py:17:24:17:47 | ControlFlowNode for Subscript [Attribute filename] | zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() |
-| zipfile_module.py:20:20:20:27 | ControlFlowNode for zip_path | zipfile_module.py:30:5:30:35 | ControlFlowNode for Attribute() |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | zipfile_module.py:37:14:37:29 | ControlFlowNode for Attribute() |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | zipfile_module.py:42:29:42:36 | ControlFlowNode for Attribute |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | zipfile_module.py:45:14:45:39 | ControlFlowNode for Attribute() |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | zipfile_module.py:53:5:53:35 | ControlFlowNode for Attribute() |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | zipfile_module.py:62:44:62:61 | ControlFlowNode for Attribute() |
-| zipfile_module.py:42:21:42:37 | ControlFlowNode for BytesIO() | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file |
-| zipfile_module.py:42:21:42:37 | ControlFlowNode for BytesIO() | zipfile_module.py:42:5:42:54 | ControlFlowNode for Attribute() |
-| zipfile_module.py:42:29:42:36 | ControlFlowNode for Attribute | zipfile_module.py:42:5:42:54 | ControlFlowNode for Attribute() |
-| zipfile_module.py:42:29:42:36 | ControlFlowNode for Attribute | zipfile_module.py:42:21:42:37 | ControlFlowNode for BytesIO() |
-| zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:90:20:90:25 | ControlFlowNode for bar_id |
-| zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:91:17:91:22 | ControlFlowNode for bar_id |
-| zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:92:18:92:23 | ControlFlowNode for bar_id |
-| zipfile_module.py:90:20:90:25 | ControlFlowNode for bar_id | zipfile_module.py:20:20:20:27 | ControlFlowNode for zip_path |
-| zipfile_module.py:91:17:91:22 | ControlFlowNode for bar_id | zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path |
-| zipfile_module.py:92:18:92:23 | ControlFlowNode for bar_id | zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path |
-| zipfile_module.py:99:26:99:34 | ControlFlowNode for Attribute | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file |
-| zipfile_module.py:99:26:99:34 | ControlFlowNode for Attribute | zipfile_module.py:100:14:100:29 | ControlFlowNode for Attribute() |
-| zipfile_module.py:106:23:106:26 | ControlFlowNode for file | zipfile_module.py:108:14:108:29 | ControlFlowNode for Attribute() |
-| zipfile_module.py:116:30:116:38 | ControlFlowNode for Attribute | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file |
-| zipfile_module.py:116:30:116:38 | ControlFlowNode for Attribute | zipfile_module.py:117:18:117:33 | ControlFlowNode for Attribute() |
-| zipfile_module.py:125:30:125:38 | ControlFlowNode for Attribute | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file |
-| zipfile_module.py:125:30:125:38 | ControlFlowNode for Attribute | zipfile_module.py:126:18:126:33 | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:1850:21:1850:24 | ControlFlowNode for name | file:///usr/lib/python3.10/tarfile.py:1863:32:1863:35 | ControlFlowNode for name |
+| file:///usr/lib/python3.10/tarfile.py:1911:21:1911:24 | ControlFlowNode for name | file:///usr/lib/python3.10/tarfile.py:1923:28:1923:42 | ControlFlowNode for BoolExpr |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | test.py:23:5:23:52 | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | test.py:27:5:27:60 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:21:10:29 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:11:21:11:29 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:21:5:21:60 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:21:21:21:29 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:23:5:23:52 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:23:18:23:26 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:24:5:24:55 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:25:5:25:57 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:25:28:25:36 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:26:5:26:50 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:26:28:26:36 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:27:5:27:60 | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:27:26:27:34 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:30:28:30:36 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:34:27:34:35 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:38:15:38:23 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:39:19:39:27 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:43:14:43:22 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:44:17:44:25 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:48:15:48:23 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:49:19:49:27 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:53:40:53:48 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:55:23:55:31 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:56:21:56:29 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:58:40:58:48 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:59:22:59:30 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:60:21:60:29 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:61:42:61:50 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:62:23:62:31 | ControlFlowNode for file_path |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:63:36:63:44 | ControlFlowNode for file_path |
+| test.py:10:21:10:29 | ControlFlowNode for file_path | file:///usr/lib/python3.10/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() |
+| test.py:11:21:11:29 | ControlFlowNode for file_path | file:///usr/lib/python3.10/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() |
+| test.py:21:21:21:29 | ControlFlowNode for file_path | file:///usr/lib/python3.10/zipfile.py:1477:14:1477:38 | ControlFlowNode for Attribute() |
+| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| test.py:23:18:23:26 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| test.py:25:28:25:36 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:1911:21:1911:24 | ControlFlowNode for name |
+| test.py:26:28:26:36 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:1850:21:1850:24 | ControlFlowNode for name |
+| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| test.py:27:26:27:34 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() |
+| test.py:30:28:30:36 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:1850:21:1850:24 | ControlFlowNode for name |
 nodes
-| Other_compresstion_modules.py:7:10:7:19 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:9:27:9:36 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:11:15:11:24 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:12:19:12:28 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:14:15:14:24 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:15:19:15:28 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:17:20:17:29 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:23:14:23:23 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:24:17:24:26 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:27:40:27:49 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:29:23:29:32 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:30:21:30:30 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:32:40:32:49 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:33:22:33:31 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:34:21:34:30 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:35:42:35:51 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:36:23:36:32 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:37:36:37:45 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| Other_compresstion_modules.py:53:10:53:19 | ControlFlowNode for bomb_input | semmle.label | ControlFlowNode for bomb_input |
-| file:///usr/lib/python3.10/zipfile.py:344:24:344:31 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:351:24:351:44 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| file:///usr/lib/python3.10/zipfile.py:358:9:358:12 | [post] ControlFlowNode for self [Attribute filename] | semmle.label | [post] ControlFlowNode for self [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:358:25:358:32 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
-| file:///usr/lib/python3.10/zipfile.py:1258:13:1258:16 | [post] ControlFlowNode for self [Attribute fp] | semmle.label | [post] ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1258:23:1258:26 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
-| file:///usr/lib/python3.10/zipfile.py:1259:13:1259:16 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1260:9:1260:12 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1261:9:1261:12 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1262:9:1262:12 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1263:9:1263:12 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | semmle.label | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | semmle.label | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1328:14:1328:17 | ControlFlowNode for self [Attribute fp] | semmle.label | ControlFlowNode for self [Attribute fp] |
-| file:///usr/lib/python3.10/zipfile.py:1328:14:1328:20 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| file:///usr/lib/python3.10/zipfile.py:1376:17:1376:33 | ControlFlowNode for ZipInfo() [Attribute filename] | semmle.label | ControlFlowNode for ZipInfo() [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1376:25:1376:32 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| file:///usr/lib/python3.10/zipfile.py:1377:13:1377:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1378:13:1378:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1379:13:1379:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1388:13:1388:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1389:13:1389:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1393:13:1393:13 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1394:13:1394:16 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | semmle.label | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1394:13:1394:25 | [post] ControlFlowNode for Attribute [List element, Attribute filename] | semmle.label | [post] ControlFlowNode for Attribute [List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1394:34:1394:34 | ControlFlowNode for x [Attribute filename] | semmle.label | ControlFlowNode for x [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1410:18:1410:21 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | semmle.label | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1413:16:1413:19 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | semmle.label | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1413:16:1413:28 | ControlFlowNode for Attribute [List element, Attribute filename] | semmle.label | ControlFlowNode for Attribute [List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1617:23:1617:28 | ControlFlowNode for member [Attribute filename] | semmle.label | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1628:16:1628:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] | semmle.label | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1662:31:1662:36 | ControlFlowNode for member [Attribute filename] | semmle.label | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1671:19:1671:24 | ControlFlowNode for member [Attribute filename] | semmle.label | ControlFlowNode for member [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1671:19:1671:33 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| file:///usr/lib/python3.10/zipfile.py:1677:19:1677:48 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| file:///usr/lib/python3.10/zipfile.py:1679:36:1680:65 | ControlFlowNode for GeneratorExp | semmle.label | ControlFlowNode for GeneratorExp |
-| file:///usr/lib/python3.10/zipfile.py:1679:42:1679:42 | SSA variable x | semmle.label | SSA variable x |
-| file:///usr/lib/python3.10/zipfile.py:1696:20:1696:29 | ControlFlowNode for targetpath | semmle.label | ControlFlowNode for targetpath |
-| file:///usr/lib/python3.10/zipfile.py:1702:16:1702:25 | ControlFlowNode for targetpath | semmle.label | ControlFlowNode for targetpath |
-| tarfile_module.py:5:17:5:24 | ControlFlowNode for tar_path | semmle.label | ControlFlowNode for tar_path |
-| tarfile_module.py:8:5:8:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:9:5:9:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:10:5:10:56 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:11:5:11:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:12:5:12:59 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:13:5:13:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| tarfile_module.py:30:17:30:22 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| zipfile_module.py:9:17:9:24 | ControlFlowNode for zip_path | semmle.label | ControlFlowNode for zip_path |
-| zipfile_module.py:11:5:11:57 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:12:18:12:47 | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] | semmle.label | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path | semmle.label | ControlFlowNode for zip_path |
-| zipfile_module.py:15:5:15:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:17:24:17:33 | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] | semmle.label | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:17:24:17:44 | ControlFlowNode for Attribute() [List element, Attribute filename] | semmle.label | ControlFlowNode for Attribute() [List element, Attribute filename] |
-| zipfile_module.py:17:24:17:47 | ControlFlowNode for Subscript [Attribute filename] | semmle.label | ControlFlowNode for Subscript [Attribute filename] |
-| zipfile_module.py:20:20:20:27 | ControlFlowNode for zip_path | semmle.label | ControlFlowNode for zip_path |
-| zipfile_module.py:30:5:30:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:34:18:34:25 | ControlFlowNode for zip_path | semmle.label | ControlFlowNode for zip_path |
-| zipfile_module.py:37:14:37:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:42:5:42:54 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:42:21:42:37 | ControlFlowNode for BytesIO() | semmle.label | ControlFlowNode for BytesIO() |
-| zipfile_module.py:42:29:42:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| zipfile_module.py:45:14:45:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:53:5:53:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:62:44:62:61 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| zipfile_module.py:90:20:90:25 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| zipfile_module.py:91:17:91:22 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| zipfile_module.py:92:18:92:23 | ControlFlowNode for bar_id | semmle.label | ControlFlowNode for bar_id |
-| zipfile_module.py:99:26:99:34 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| zipfile_module.py:100:14:100:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:106:23:106:26 | ControlFlowNode for file | semmle.label | ControlFlowNode for file |
-| zipfile_module.py:108:14:108:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:116:30:116:38 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| zipfile_module.py:117:18:117:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| zipfile_module.py:125:30:125:38 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| zipfile_module.py:126:18:126:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:1850:21:1850:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
+| file:///usr/lib/python3.10/tarfile.py:1863:32:1863:35 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
+| file:///usr/lib/python3.10/tarfile.py:1911:21:1911:24 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
+| file:///usr/lib/python3.10/tarfile.py:1923:28:1923:42 | ControlFlowNode for BoolExpr | semmle.label | ControlFlowNode for BoolExpr |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/zipfile.py:1477:14:1477:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| file:///usr/lib/python3.10/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:9:16:9:24 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:10:5:10:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:10:21:10:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:11:5:11:48 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:11:21:11:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:14:14:14:29 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:21:5:21:60 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:21:21:21:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:23:5:23:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:23:18:23:26 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:24:5:24:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:25:5:25:57 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:25:28:25:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:26:5:26:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:26:28:26:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:27:5:27:60 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| test.py:27:26:27:34 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:30:28:30:36 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:34:27:34:35 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:38:15:38:23 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:39:19:39:27 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:43:14:43:22 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:44:17:44:25 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:48:15:48:23 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:49:19:49:27 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:53:40:53:48 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:55:23:55:31 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:56:21:56:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:58:40:58:48 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:59:22:59:30 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:60:21:60:29 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:61:42:61:50 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:62:23:62:31 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
+| test.py:63:36:63:44 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
 subpaths
-| file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1394:13:1394:16 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1326:26:1326:29 | ControlFlowNode for self [Attribute fp] | file:///usr/lib/python3.10/zipfile.py:1394:13:1394:16 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1376:25:1376:32 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:344:24:344:31 | ControlFlowNode for filename | file:///usr/lib/python3.10/zipfile.py:358:9:358:12 | [post] ControlFlowNode for self [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1376:17:1376:33 | ControlFlowNode for ZipInfo() [Attribute filename] |
-| file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1662:31:1662:36 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1696:20:1696:29 | ControlFlowNode for targetpath | file:///usr/lib/python3.10/zipfile.py:1628:16:1628:54 | ControlFlowNode for Attribute() |
-| file:///usr/lib/python3.10/zipfile.py:1628:37:1628:42 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1662:31:1662:36 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1702:16:1702:25 | ControlFlowNode for targetpath | file:///usr/lib/python3.10/zipfile.py:1628:16:1628:54 | ControlFlowNode for Attribute() |
-| zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file | file:///usr/lib/python3.10/zipfile.py:1267:17:1267:20 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | zipfile_module.py:12:18:12:47 | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:12:34:12:41 | ControlFlowNode for zip_path | file:///usr/lib/python3.10/zipfile.py:1216:24:1216:27 | ControlFlowNode for file | file:///usr/lib/python3.10/zipfile.py:1287:21:1287:24 | [post] ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | zipfile_module.py:12:18:12:47 | ControlFlowNode for Attribute() [Attribute filelist, List element, Attribute filename] |
-| zipfile_module.py:17:24:17:33 | ControlFlowNode for zipFileObj [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1410:18:1410:21 | ControlFlowNode for self [Attribute filelist, List element, Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1413:16:1413:28 | ControlFlowNode for Attribute [List element, Attribute filename] | zipfile_module.py:17:24:17:44 | ControlFlowNode for Attribute() [List element, Attribute filename] |
-| zipfile_module.py:17:24:17:47 | ControlFlowNode for Subscript [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1617:23:1617:28 | ControlFlowNode for member [Attribute filename] | file:///usr/lib/python3.10/zipfile.py:1628:16:1628:54 | ControlFlowNode for Attribute() | zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() |
 #select
-| Other_compresstion_modules.py:9:27:9:36 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:9:27:9:36 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:11:15:11:24 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:11:15:11:24 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:12:19:12:28 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:12:19:12:28 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:14:15:14:24 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:14:15:14:24 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:15:19:15:28 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:15:19:15:28 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:17:20:17:29 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:17:20:17:29 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:23:14:23:23 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:23:14:23:23 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:24:17:24:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:24:17:24:26 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:27:40:27:49 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:27:40:27:49 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:29:23:29:32 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:29:23:29:32 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:30:21:30:30 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:30:21:30:30 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:32:40:32:49 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:32:40:32:49 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:33:22:33:31 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:33:22:33:31 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:34:21:34:30 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:34:21:34:30 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:35:42:35:51 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:35:42:35:51 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:36:23:36:32 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:36:23:36:32 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| Other_compresstion_modules.py:37:36:37:45 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | Other_compresstion_modules.py:37:36:37:45 | ControlFlowNode for bomb_input | This file extraction depends on a $@. | Other_compresstion_modules.py:52:17:52:26 | ControlFlowNode for bomb_input | potentially untrusted source |
-| tarfile_module.py:8:5:8:54 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:8:5:8:54 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| tarfile_module.py:9:5:9:54 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:9:5:9:54 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| tarfile_module.py:10:5:10:56 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:10:5:10:56 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| tarfile_module.py:11:5:11:49 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:11:5:11:49 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| tarfile_module.py:12:5:12:59 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:12:5:12:59 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| tarfile_module.py:13:5:13:51 | ControlFlowNode for Attribute() | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | tarfile_module.py:13:5:13:51 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | tarfile_module.py:29:19:29:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:11:5:11:57 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:11:5:11:57 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:15:5:15:38 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:15:5:15:38 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:17:5:17:58 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:30:5:30:35 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:30:5:30:35 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:37:14:37:29 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:37:14:37:29 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:42:5:42:54 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:42:5:42:54 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:45:14:45:39 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:45:14:45:39 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:53:5:53:35 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:53:5:53:35 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:62:44:62:61 | ControlFlowNode for Attribute() | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | zipfile_module.py:62:44:62:61 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:89:19:89:24 | ControlFlowNode for bar_id | potentially untrusted source |
-| zipfile_module.py:100:14:100:29 | ControlFlowNode for Attribute() | zipfile_module.py:99:26:99:34 | ControlFlowNode for Attribute | zipfile_module.py:100:14:100:29 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:99:26:99:34 | ControlFlowNode for Attribute | potentially untrusted source |
-| zipfile_module.py:108:14:108:29 | ControlFlowNode for Attribute() | zipfile_module.py:106:23:106:26 | ControlFlowNode for file | zipfile_module.py:108:14:108:29 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:106:23:106:26 | ControlFlowNode for file | potentially untrusted source |
-| zipfile_module.py:117:18:117:33 | ControlFlowNode for Attribute() | zipfile_module.py:116:30:116:38 | ControlFlowNode for Attribute | zipfile_module.py:117:18:117:33 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:116:30:116:38 | ControlFlowNode for Attribute | potentially untrusted source |
-| zipfile_module.py:126:18:126:33 | ControlFlowNode for Attribute() | zipfile_module.py:125:30:125:38 | ControlFlowNode for Attribute | zipfile_module.py:126:18:126:33 | ControlFlowNode for Attribute() | This file extraction depends on a $@. | zipfile_module.py:125:30:125:38 | ControlFlowNode for Attribute | potentially untrusted source |
+| file:///usr/lib/python3.10/tarfile.py:1863:32:1863:35 | ControlFlowNode for name | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:1863:32:1863:35 | ControlFlowNode for name | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| file:///usr/lib/python3.10/tarfile.py:1923:28:1923:42 | ControlFlowNode for BoolExpr | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:1923:28:1923:42 | ControlFlowNode for BoolExpr | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.10/tarfile.py:2373:24:2373:72 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| file:///usr/lib/python3.10/zipfile.py:1477:14:1477:38 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.10/zipfile.py:1477:14:1477:38 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| file:///usr/lib/python3.10/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | file:///usr/lib/python3.10/zipfile.py:1700:14:1700:39 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:10:5:10:52 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:10:5:10:52 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:11:5:11:48 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:11:5:11:48 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:14:14:14:29 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:14:14:14:29 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:21:5:21:60 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:21:5:21:60 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:23:5:23:52 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:23:5:23:52 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:24:5:24:55 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:24:5:24:55 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:25:5:25:57 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:25:5:25:57 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:26:5:26:50 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:26:5:26:50 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:27:5:27:60 | ControlFlowNode for Attribute() | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:27:5:27:60 | ControlFlowNode for Attribute() | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:34:27:34:35 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:34:27:34:35 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:38:15:38:23 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:38:15:38:23 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:39:19:39:27 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:39:19:39:27 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:43:14:43:22 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:43:14:43:22 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:44:17:44:25 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:44:17:44:25 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:48:15:48:23 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:48:15:48:23 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:49:19:49:27 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:49:19:49:27 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:53:40:53:48 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:53:40:53:48 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:55:23:55:31 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:55:23:55:31 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:56:21:56:29 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:56:21:56:29 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:58:40:58:48 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:58:40:58:48 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:59:22:59:30 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:59:22:59:30 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:60:21:60:29 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:60:21:60:29 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:61:42:61:50 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:61:42:61:50 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:62:23:62:31 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:62:23:62:31 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |
+| test.py:63:36:63:44 | ControlFlowNode for file_path | test.py:9:16:9:24 | ControlFlowNode for file_path | test.py:63:36:63:44 | ControlFlowNode for file_path | This uncontrolled file extraction is $@. | test.py:9:16:9:24 | ControlFlowNode for file_path | depends on this user controlled data |

python/ql/test/experimental/query-tests/Security/CWE-409/Other_compresstion_modules.py

@@ -1,54 +0,0 @@
-import io
-from fastapi import FastAPI
-
-app = FastAPI()
-
-
-def bomb(bomb_input):
-    import shutil
-    shutil.unpack_archive(bomb_input)
-    import lzma
-    lzma.open(bomb_input)
-    lzma.LZMAFile(bomb_input).read()
-    import gzip
-    gzip.open(bomb_input)
-    gzip.GzipFile(bomb_input).read()
-
-    with gzip.open(bomb_input, 'rb') as ip:
-        with io.TextIOWrapper(ip, encoding='utf-8') as decoder:
-            content = decoder.read()
-            print(content)
-
-    import bz2
-    bz2.open(bomb_input)
-    bz2.BZ2File(bomb_input).read()
-
-    import pandas
-    pandas.read_csv(filepath_or_buffer=bomb_input)
-
-    pandas.read_table(bomb_input, compression='gzip')
-    pandas.read_xml(bomb_input, compression='gzip')
-
-    pandas.read_csv(filepath_or_buffer=bomb_input, compression='gzip')
-    pandas.read_json(bomb_input, compression='gzip')
-    pandas.read_sas(bomb_input, compression='gzip')
-    pandas.read_stata(filepath_or_buffer=bomb_input, compression='gzip')
-    pandas.read_table(bomb_input, compression='gzip')
-    pandas.read_xml(path_or_buffer=bomb_input, compression='gzip')
-
-    # no compression no DOS
-    pandas.read_table(bomb_input, compression='tar')
-    pandas.read_xml(bomb_input, compression='tar')
-
-    pandas.read_csv(filepath_or_buffer=bomb_input, compression='tar')
-    pandas.read_json(bomb_input, compression='tar')
-    pandas.read_sas(bomb_input, compression='tar')
-    pandas.read_stata(filepath_or_buffer=bomb_input, compression='tar')
-    pandas.read_table(bomb_input, compression='tar')
-    pandas.read_xml(path_or_buffer=bomb_input, compression='tar')
-
-
-@app.post("/bomb")
-async def bombs(bomb_input):
-    bomb(bomb_input)
-    return {"message": "non-async"}

python/ql/test/experimental/query-tests/Security/CWE-409/tarfile_module.py

@@ -1,31 +0,0 @@
-import tarfile
-from fastapi import FastAPI
-
-
-def tar_extract(tar_path):
-    tarfile.open(tar_path)
-    tarfile.open(tar_path)
-    tarfile.TarFile.open(tar_path).extract("somefile")
-    tarfile.TarFile.open(tar_path).extract("somefile")
-    tarfile.TarFile.xzopen(tar_path).extract("somefile")
-    tarfile.TarFile.gzopen(tar_path).extractall()
-    tarfile.TarFile.open(tar_path).extractfile("file1.txt")
-    tarfile.open(tar_path).extractfile("file1.txt")
-    # not working
-    tarInstance2 = tarfile.TarFile(tar_path)
-    tarInstance2.extractfile("file1.txt")
-    tarInstance2.extract("file1.txt")
-    tarfile.TarFile().open(tar_path)
-    # good
-    tarfile.open(tar_path, mode="w")
-    tarfile.TarFile.gzopen(tar_path, mode="w")
-    tarfile.TarFile.open(tar_path, mode="r:")
-
-
-app = FastAPI()
-
-
-@app.post("/zipbomb")
-async def zipbomb(bar_id):
-    tar_extract(bar_id)
-    return {"message": "non-async"}

python/ql/test/experimental/query-tests/Security/CWE-409/test.py

@@ -0,0 +1,76 @@
+import tarfile
+import zipfile
+from fastapi import FastAPI
+
+app = FastAPI()
+
+
+@app.post("/bomb")
+async def bomb(file_path):
+    zipfile.ZipFile(file_path, "r").extract("file1")
+    zipfile.ZipFile(file_path, "r").extractall()
+
+    with zipfile.ZipFile(file_path) as myzip:
+        with myzip.open('ZZ') as myfile:
+            a = myfile.readline()
+
+    with zipfile.ZipFile(file_path) as myzip:
+        with myzip.open('ZZ', mode="w") as myfile:
+            myfile.write(b"tmpppp")
+
+    zipfile.ZipFile(file_path).read("aFileNameInTheZipFile")
+
+    tarfile.open(file_path).extractfile("file1.txt")
+    tarfile.TarFile.open(file_path).extract("somefile")
+    tarfile.TarFile.xzopen(file_path).extract("somefile")
+    tarfile.TarFile.gzopen(file_path).extractall()
+    tarfile.TarFile.open(file_path).extractfile("file1.txt")
+
+    tarfile.open(file_path, mode="w")
+    tarfile.TarFile.gzopen(file_path, mode="w")
+    tarfile.TarFile.open(file_path, mode="r:")
+    import shutil
+
+    shutil.unpack_archive(file_path)
+
+    import lzma
+
+    lzma.open(file_path)
+    lzma.LZMAFile(file_path).read()
+
+    import bz2
+
+    bz2.open(file_path)
+    bz2.BZ2File(file_path).read()
+
+    import gzip
+
+    gzip.open(file_path)
+    gzip.GzipFile(file_path)
+
+    import pandas
+
+    pandas.read_csv(filepath_or_buffer=file_path)
+
+    pandas.read_table(file_path, compression='gzip')
+    pandas.read_xml(file_path, compression='gzip')
+
+    pandas.read_csv(filepath_or_buffer=file_path, compression='gzip')
+    pandas.read_json(file_path, compression='gzip')
+    pandas.read_sas(file_path, compression='gzip')
+    pandas.read_stata(filepath_or_buffer=file_path, compression='gzip')
+    pandas.read_table(file_path, compression='gzip')
+    pandas.read_xml(path_or_buffer=file_path, compression='gzip')
+
+    # no compression no DOS
+    pandas.read_table(file_path, compression='tar')
+    pandas.read_xml(file_path, compression='tar')
+
+    pandas.read_csv(filepath_or_buffer=file_path, compression='tar')
+    pandas.read_json(file_path, compression='tar')
+    pandas.read_sas(file_path, compression='tar')
+    pandas.read_stata(filepath_or_buffer=file_path, compression='tar')
+    pandas.read_table(file_path, compression='tar')
+    pandas.read_xml(path_or_buffer=file_path, compression='tar')
+
+    return {"message": "bomb"}

python/ql/test/experimental/query-tests/Security/CWE-409/zipfile_module.py

@@ -1,128 +0,0 @@
-import zipfile
-from io import BytesIO
-from urllib import request
-import requests
-from fastapi import FastAPI, File, UploadFile
-from typing import List, Annotated
-
-
-def zip_extract(zip_path):
-    # we can have PyZipFile instead of ZipFile too
-    zipfile.ZipFile(zip_path, "r").extract("0", "./tmp/")
-    zipFileObj = zipfile.ZipFile(zip_path, "r")
-    zipFileObj2 = zipFileObj
-    # zipfile.ZipFile("user_input").extract(member="file_name") Consume a lot of CPU,Storage
-    zipFileObj2.extract("0", "./tmp/")
-    # zipfile.ZipFile("user_input").extract(member=ZipInfo_object) Consume a lot of CPU,Storage
-    zipFileObj.extract(zipFileObj.infolist()[0], "./tmp/")
-
-
-def zip_extractall(zip_path):
-    import httpx
-    filex = httpx.get(zip_path).read()
-    zipfile.ZipFile(BytesIO(filex), "r").extractall()
-    zipFileObj = zipfile.ZipFile(zip_path, "r")
-    for infolist in zipFileObj.infolist():
-        Decompression_ratio = infolist.file_size / infolist.compress_size
-        if Decompression_ratio > 10:
-            return
-    # zipfile.ZipFile("user_input").extractall() Consume a lot of CPU,Storage
-    zipFileObj.extractall("./tmp/")  # Sensitive
-    zipFileObj.close()
-
-
-def zip_read_obj(zip_path):
-    # zipfile.ZipFile("user_input").open("file_name").read() Consume a lot of CPU,RAM,Storage
-    with zipfile.ZipFile(zip_path) as myzip:
-        with myzip.open('ZZ') as myfile:
-            a = myfile.readline()
-
-    file = requests.get(zip_path)
-    zipfile.ZipFile(BytesIO(file.raw), "w").open("aa")
-    zipfile.ZipFile(BytesIO(file.raw), "r").open("aa")
-
-    with zipfile.ZipFile(zip_path) as myzip:
-        with myzip.open('ZZ', mode="r") as myfile:
-            a = next(myfile)
-
-    with zipfile.ZipFile(zip_path) as myzip:
-        with myzip.open('ZZ', mode="w") as myfile:
-            a = myfile.write(b"tmpppp")
-
-    myzip = zipfile.PyZipFile(zip_path)
-    myzip.read(myzip.infolist()[0])
-
-    zipfile.ZipFile(BytesIO(request.urlopen(zip_path).read())
-                    ).read("aFileNameInTheZipFile")
-
-    with zipfile.ZipFile(zip_path, 'w') as dst_zip:
-        with zipfile.ZipFile(zip_path) as src_zip:
-            for info in src_zip.infolist():
-                if info.filename.startswith('classes'):
-                    dst_zip.writestr(info, src_zip.read(info))
-
-
-def safeUnzip(zipFileName):
-    buffer_size = 2 ** 10 * 8
-    total_size = 0
-    SIZE_THRESHOLD = 2 ** 10 * 100
-    with zipfile.ZipFile(zipFileName) as myzip:
-        for fileinfo in myzip.infolist():
-            content = b''
-            with myzip.open(fileinfo.filename, mode="r") as myfile:
-                chunk = myfile.read(buffer_size)
-                while chunk:
-                    chunk = myfile.read(buffer_size)
-                    total_size += buffer_size
-                    if total_size > SIZE_THRESHOLD:
-                        print("Bomb detected")
-                        return
-                    content += chunk
-                print(bytes.decode(content, 'utf-8'))
-    return "No Bombs!"
-
-
-app = FastAPI()
-
-
-@app.post("/zipbomb")
-async def zipbomb(bar_id):
-    zip_extractall(bar_id)
-    zip_extract(bar_id)
-    zip_read_obj(bar_id)
-    safeUnzip(bar_id)
-    return {"message": "non-async"}
-
-
-@app.post("/zipbomb2")
-async def zipbomb2(file: UploadFile):
-    with zipfile.ZipFile(file.file) as myzip:
-        with myzip.open('ZZ') as myfile:
-            a = myfile.readline()
-    return {"message": "non-async"}
-
-
-@app.post("/zipbomb2")
-async def create_file(file: Annotated[bytes | None, File()] = None):
-    with zipfile.ZipFile(file) as myzip:
-        with myzip.open('ZZ') as myfile:
-            a = myfile.readline()
-    return {"message": "non-async"}
-
-
-@app.post("/uploadMultipleFiles")
-def upload(files: List[UploadFile] = File(...)):
-    for file in files:
-        with zipfile.ZipFile(file.file) as myzip:
-            with myzip.open('ZZ') as myfile:
-                a = myfile.readline()
-    return {"message": "non-async"}
-
-
-@app.post("/files/")
-async def create_files(files: Annotated[list[bytes], File()]):
-    for file in files:
-        with zipfile.ZipFile(file.file) as myzip:
-            with myzip.open('ZZ') as myfile:
-                a = myfile.readline()
-    return {"file_sizes": [len(file) for file in files]}