hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp

Browse Source 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
This commit is contained in:
Sim4n6
2022-12-06 14:40:35 +01:00
committed by GitHub
parent c22c0b5029
commit 9a60202de6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
View File

@@ -5,7 +5,7 @@
<overview>
<p>Extracting files from a malicious tarball without validating that the destination file path
is within the destination directory using `shutil.unpack_archive()` can cause files outside the
is within the destination directory using <code>shutil.unpack_archive()</code> can cause files outside the
destination directory to be overwritten, due to the possible presence of directory traversal elements
(<code>..</code>) in archive path names.</p>