Python: Initial version and help of tar-slip (CWE-022) query.

python/ql/test/query-tests/Security/CWE-022/TarSlip.expected

@@ -0,0 +1,9 @@
+edges
+| tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:13:1:13:3 | tarfile.open |
+| tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:14:1:14:3 | tarfile.open |
+| tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:17:14:17:16 | tarfile.open |
+| tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:18:5:18:7 | tarfile.open |
+parents
+#select
+| tarslip.py:13:1:13:3 | Taint sink | tarslip.py:12:7:12:39 | tarfile.open | tarslip.py:13:1:13:3 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:12:7:12:39 | Taint source | a potentially untrusted source |
+| tarslip.py:18:5:18:7 | Taint sink | tarslip.py:16:7:16:39 | tarfile.open | tarslip.py:18:5:18:7 | tarfile.open | Extraction of tarfile from $@ | tarslip.py:16:7:16:39 | Taint source | a potentially untrusted source |

python/ql/test/query-tests/Security/CWE-022/TarSlip.qlref

@@ -0,0 +1 @@
+Security/CWE-022/TarSlip.ql

python/ql/test/query-tests/Security/CWE-022/tarslip.py

@@ -0,0 +1,22 @@
+#!/usr/bin/python
+import tarfile
+
+unsafe_filename_tar = sys.argv[1]
+safe_filename_tar = "safe_path.tar"
+
+
+tar = tarfile.open(safe_filename_tar)
+for entry in tar:
+    tar.extract(entry)
+
+tar = tarfile.open(unsafe_filename_tar)
+tar.extractall()
+tar.close()
+
+tar = tarfile.open(unsafe_filename_tar)
+for entry in tar:
+    tar.extract(entry)
+
+tar = tarfile.open(safe_filename_tar)
+tar.extractall()
+tar.close()