hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fixup annotation for CWE-022-PathInjection/pathlib_use.py

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-01-23 11:31:23 +01:00
parent 753192bb4d
commit 80324735bb
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/test/query-tests/Security/CWE-022-PathInjection/pathlib_use.py
View File

@@ -11,7 +11,7 @@ STATIC_DIR = pathlib.Path("/server/static/")
def path_injection():
filename = request.args.get('filename', '')
p = STATIC_DIR / filename
p.open() # NOT OK
p.open() # $ result=BAD
p2 = pathlib.Path(STATIC_DIR, filename)
p2.open() # NOT OK
p2.open() # $ result=BAD