hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use of more generic terms

Browse Source
This commit is contained in:
ALJI Mohamed
2022-12-06 14:44:52 +01:00
parent 58570b4d2c
commit 4896e62117
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
View File

@@ -17,9 +17,9 @@ the file may be written to an unexpected location. This can result in sensitive
revealed or deleted, or an attacker being able to influence behavior by modifying unexpected
files.</p>
<p>For example, if a tarball contains a file entry <code>../sim4n6.txt</code>, and the tarball
<p>For example, if a tarball contains a file entry <code>../sneaky-file.txt</code>, and the tarball
is extracted to the directory <code>/tmp/tmp123</code>, then naively combining the paths would result
in an output file path of <code>/tmp/tmp123/../sim4n6.txt</code>, which would cause the file to be
in an output file path of <code>/tmp/tmp123/../sneaky-file.txt</code>, which would cause the file to be
written to <code>/tmp/</code>.</p>
</overview>