Update zipslip_bad.py

2026-05-03 12:45:27 +02:00 · 2022-03-01 00:24:33 +01:00
parent 85bcaa96ce
commit 70c0c7e461
1 changed files with 1 additions and 1 deletions
--- a/python/ql/src/experimental/Security/CWE-022/zipslip_bad.py
+++ b/python/ql/src/experimental/Security/CWE-022/zipslip_bad.py
@@ -6,4 +6,4 @@ zf = zipfile.ZipFile(filename)
 with zf.open() as zipf:
    #BAD : This could write any file on the filesystem.
    for entry in zipf:
-    shutil.copyfileobj(entry, "/tmp/unpack/")
+       shutil.copy(entry, "/tmp/unpack/")