From 76bd3317eb34dc35d27c33ed6b0679486da24199 Mon Sep 17 00:00:00 2001
From: Ahmed Farid <53880570+ahmed532009@users.noreply.github.com>
Date: Tue, 1 Mar 2022 00:05:30 +0100
Subject: [PATCH] Create Zip.qll
---
.../semmle/python/frameworks/Zip.qll | 28 +++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 python/ql/src/experimental/semmle/python/frameworks/Zip.qll
diff --git a/python/ql/src/experimental/semmle/python/frameworks/Zip.qll b/python/ql/src/experimental/semmle/python/frameworks/Zip.qll
new file mode 100644
index 00000000000..15a751e232d
--- /dev/null
+++ b/python/ql/src/experimental/semmle/python/frameworks/Zip.qll
@@ -0,0 +1,28 @@
+private import python
+private import experimental.semmle.python.Concepts
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.ApiGraphs
+
+
+private module Zip {
+ private API::Node shutil() { result = API::moduleImport("shutil") }
+
+ private class CopyFiles extends DataFlow::CallCfgNode, OpenFile::Range {
+ CopyFiles() { this = shutil().getMember(["copyfile", "copy", "copy2", "copytree", "move"]).getACall() }
+ override DataFlow::Node getAPathArgument() { result in [this.getArg(0), this.getArgByName("src"), this.getArg(1), this.getArgByName("dst")] }
+ }
+
+ private class CopyFileobj extends DataFlow::CallCfgNode, OpenFile::Range {
+ CopyFileobj() { this = shutil().getMember("copyfileobj").getACall() }
+ override DataFlow::Node getAPathArgument() { result in [this.getArg(0), this.getArgByName("fsrc"), this.getArg(1), this.getArgByName("fdst")] }
+ }
+
+ private class OpenZipFile extends DataFlow::CallCfgNode, ZipFile::Range {
+ OpenZipFile() {
+ this = API::moduleImport("zipfile").getMember("ZipFile").getMember("open").getACall() or
+ this = API::moduleImport("zipfile").getMember("ZipFile").getACall()
+ }
+ override DataFlow::Node getAnInput() { result = this.getArg(0) }
+ }
+}
+
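Review bot: The first disjunct of `OpenZipFile` appears to match `open` only when it is reached as a member of the `ZipFile` class itself, so the usual instance call (`zf = zipfile.ZipFile(p)` followed by `zf.open(name)`) is not modelled and any archive-handling query built on `ZipFile::Range` would miss it. Going through the constructor's return value should cover it: `this = API::moduleImport("zipfile").getMember("ZipFile").getReturn().getMember("open").getACall() or`. `getAnInput()` also reads only `getArg(0)`, so keyword calls are missed; consider `result in [this.getArg(0), this.getArgByName(["file", "name"])]`. Separately, `CopyFileobj` reports the `fsrc`/`fdst` arguments of `shutil.copyfileobj` through `getAPathArgument()` although they are file objects rather than paths. If that is deliberate, a QLDoc comment on the class should say so, and the other classes would benefit from QLDoc as well.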