Mirror of https://github.com/github/codeql.git (synced 2025-12-24 20:56:33 +01:00)
Adds support for extraction filters as defined in https://peps.python.org/pep-0706/ and implemented in Python 3.12. By my reading, setting the filter to `'data'` or `'tar'` is probably safe, whereas `'fully_trusted'` or the default (which is the same as `None`) is not. For now, I have just added this modelling to the tarslip query. We could also share it with the modelling of `shutil.unpack_archive` (which has also gained a `filter` argument), but it was unclear to me where we should put this modelling in that case. Perhaps the best solution would be to merge the experimental `py/tarslip-extended` query into the existing query (in which case the current location is perhaps not too bad).