From 8649375be31b0d6b3fd4e4e5a13efdb83d7e950f Mon Sep 17 00:00:00 2001
From: Ahmed Farid <53880570+ahmed532009@users.noreply.github.com>
Date: Sun, 6 Mar 2022 23:56:02 +0100
Subject: [PATCH] Update ZipSlip.qll

---
 .../experimental/semmle/python/security/ZipSlip.qll    | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/python/ql/src/experimental/semmle/python/security/ZipSlip.qll b/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
index 307c7ef1df0..31efe7fce0b 100644
--- a/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
+++ b/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
@@ -6,7 +6,11 @@ import semmle.python.dataflow.new.TaintTracking
 class ZipSlipConfig extends TaintTracking::Configuration {
   ZipSlipConfig() { this = "ZipSlipConfig" }
 
-  override predicate isSource(DataFlow::Node source) { source = any(CopyFile copyfile).getAPathArgument() }
-
-  override predicate isSink(DataFlow::Node sink) { sink = any(ZipFile zipfile).getAnInput() }
+  override predicate isSource(DataFlow::Node source) { 
+     source = API::moduleImport("zipfile").getMember("ZipFile").getACall() 
+  }
+  
+  override predicate isSink(DataFlow::Node sink) { 
+     sink = any(CopyFile copyfile).getAPathArgument()
+  }
 }