hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update ZipSlip.qll

Browse Source
This commit is contained in:
Ahmed Farid
2022-03-28 00:59:56 +00:00
committed by GitHub
parent 0fac4f195d
commit ddba3b7784
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/experimental/semmle/python/security/ZipSlip.qll
View File

@@ -8,7 +8,8 @@ class ZipSlipConfig extends TaintTracking::Configuration {
ZipSlipConfig() { this = "ZipSlipConfig" }
override predicate isSource(DataFlow::Node source) {
source = API::moduleImport("zipfile").getMember("ZipFile").getACall() or
source.asCfgNode().(CallNode).getFunction().(AttrNode).getObject("open").pointsTo().getClass() = Module::named("zipfile").attr("ZipFile") or
source.asCfgNode().(CallNode).getFunction().(AttrNode).getObject("namelist").pointsTo().getClass() = Module::named("zipfile").attr("ZipFile") or
source = API::moduleImport("tarfile").getMember("open").getACall() or
source = API::moduleImport("tarfile").getMember("TarFile").getACall() or
source = API::moduleImport("bz2").getMember("open").getACall() or
@@ -20,6 +21,7 @@ class ZipSlipConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink) {
sink = any(CopyFile copyfile).getAPathArgument()
sink = any(CopyFile copyfile).getAPathArgument() or
sink = any(CopyFile copyfile).getfsrcArgument()
}
}