codeql/python/change-notes/2021-10-28-flask-send_file.md

lgtm,codescanning

• Added modeling of the send_from_directory and send_file functions from the flask PyPI package, resulting in additional sinks for the Uncontrolled data used in path expression (py/path-injection) query. This addition was originally submitted as an external contribution by @porcupineyhairs.