hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix some Ql4Ql violations.

Browse Source
This commit is contained in:
Michael Nebel
2025-09-01 15:16:25 +02:00
parent b4d6cb6e5f
commit dbd31259b3
10 changed files with 35 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
View File

@@ -63,7 +63,7 @@ private module TarSlipImprovConfig implements DataFlow::ConfigSig {
// For a call to `file.extractall` without `members` argument, `file` is considered a sink.
exists(MethodCallNode call, AllTarfileOpens atfo |
call = atfo.getReturn().getMember("extractall").getACall() and
not exists(Node arg | arg = call.getArgByName("members")) and
not exists(call.getArgByName("members")) and
sink = call.getObject()
)
or