hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Create ZipSlip.qll

Browse Source
This commit is contained in:
Ahmed Farid
2022-03-01 00:04:02 +01:00
committed by GitHub
parent 3eae13161f
commit abe25da3df
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
python/ql/src/experimental/semmle/python/security/ZipSlip.qll Normal file
View File

@@ -0,0 +1,12 @@
import python
import experimental.semmle.python.Concepts
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
class ZipSlipConfig extends TaintTracking::Configuration {
ZipSlipConfig() { this = "ZipSlipConfig" }
override predicate isSource(DataFlow::Node source) { source = any(OpenFile openfile).getAPathArgument() }
override predicate isSink(DataFlow::Node sink) { sink = any(ZipFile zipfile).getAnInput() }
}