Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp

Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
Sim4n6
2022-12-06 14:39:16 +01:00
committed by GitHub
parent a5849eb9b0
commit c22c0b5029

@@ -40,7 +40,7 @@ In this example an archive is extracted without validating file paths.
<sample src="examples/HIT_UnsafeUnpack.py" />
<p>To fix this vulnerability, we need to call the function <code>tarfile.extract()</code>
on each <code>member</code> after verifying that it does not contain either `..` or startswith `/`.
on each <code>member</code> after verifying that it does not contain either <code>..</code> or startswith <code>/</code>.
</p>
<sample src="examples/NoHIT_UnsafeUnpack.py" />
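Review bot: The rewritten sentence "does not contain either <code>..</code> or startswith <code>/</code>" still uses the method name "startswith" as a verb and describes a substring test on the member name. Suggest wording such as "after verifying that its name is not an absolute path (does not start with <code>/</code>) and has no <code>..</code> path component", so the help text matches the check a reader should implement and does not imply that a name like a..b is unsafe. On the unchanged line above, <code>tarfile.extract()</code> should read <code>TarFile.extract()</code>, because extract is a method of the opened archive object, not a function of the tarfile module. The paragraph also only covers the member name; a short sentence noting that symbolic and hard link members are not addressed by a name check would keep readers from treating this fix as complete.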