Suggested changes

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2026-04-25 08:45:14 +02:00 · 2024-02-07 14:27:40 +01:00
parent 9ce75dac0e
commit c6fb303d63
2 changed files with 5 additions and 5 deletions
--- a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
+++ b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
@@ -31,7 +31,7 @@ The following examples unpacks a remote zip using `fileManager.unzipItem()` whic


 <p>Consider using a safer module, such as: <code>ZIPArchive</code></p>
-<sample src="ZIPArchiveGood.swift" />
+<sample src="ZipArchiveGood.swift" />
 </example>

 <references>
--- a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.ql
+++ b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.ql
@@ -1,11 +1,11 @@
 /**
 * @name Arbitrary file write during a zip extraction from a user controlled source
- * @description Unpacking user controlled zips without validating if destination path file
- *              is within the destination directory can cause files outside
- *              the destination directory to be overwritten.
+ * @description Unpacking user controlled zips without validating whether the
+ *              destination file path is within the destination directory can cause files
+ *              outside the destination directory to be overwritten.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 9.8
+ * @security-severity 7.5
 * @precision high
 * @id swift/unsafe-unpacking
 * @tags security