hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update ZipSlip.qhelp

Browse Source
This commit is contained in:
Ahmed Farid
2022-02-26 18:25:13 +01:00
committed by GitHub
parent 5ed5e0b105
commit d0d14be693
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/experimental/Security/CWE-022/ZipSlip.qhelp
View File

@@ -28,8 +28,7 @@ written to <code>c:\sneaky-file</code>.</p>
<p>Ensure that output paths constructed from Zip archive entries are validated
to prevent writing files to unexpected locations.</p>
<p>The recommended way of writing an output file from a Zip archive entry is to use
this function instead of <code>extract()</code> or <code>extractall()</code>.
<p>The recommended way of writing an output file from a Zip archive entry is to call <code>extract()</code> or <code>extractall()</code>.
</p>
</recommendation>
@@ -41,7 +40,7 @@ In this example an archive is extracted without validating file paths.
<sample src="zipslip_bad.py" />
<p>To fix this vulnerability, we need to this function <code>extractall()</code>.
<p>To fix this vulnerability, we need to call the function <code>extractall()</code>.
</p>
<sample src="zipslip_good.py" />