
Commit 21f6ad5

Update and rename ZipSlipCheck.ql to ZipSlip.ql
1 parent c207294 commit 21f6ad5

1 file changed

Lines changed: 3 additions & 21 deletions


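--- a/python/ql/src/experimental/Security/CWE-022/ZipSlipCheck.ql
+++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
@@ -19,31 +19,13 @@ import semmle.python.ApiGraphs
 import ZipSlipCheckLib
 import DataFlow::PathGraph
 
-/**
-* Taint-tracking configuration tracing flow from opening a zipfile to copy to another place.
-*/
-
-class ZipSlipConfig extends TaintTracking::Configuration {
-ZipSlipConfig() { this = "ZipSlipConfig" }
+import python
+import experimental.semmle.python.security.ZipSlip
+import DataFlow::PathGraph
 
-override predicate isSource(DataFlow::Node source) {
-source instanceof OpenZipFile
-}
 
-override predicate isSink(DataFlow::Node sink) {
-sink instanceof CopyZipFile
-}
-
-override predicate isSanitizer(DataFlow::Node node) {
-exists(Subscript ss |
-ss.getObject().(Call).getFunc().(Attribute).getName().matches("%path") and
-ss = node.asExpr()
-)
-}
-}
 from ZipSlipConfig config, DataFlow::PathNode source,
 DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Extraction of zipfile from $@", source.getNode(),
 "a potentially untrusted source"
-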
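Review bot: The new import block keeps `import ZipSlipCheckLib` and the original `import DataFlow::PathGraph` as context (new lines 19-20) while adding `import experimental.semmle.python.security.ZipSlip` and a second `import DataFlow::PathGraph` (new lines 23-24). PathGraph is therefore imported twice, and if both libraries declare `ZipSlipConfig`, `OpenZipFile` or `CopyZipFile`, the `from ZipSlipConfig config` clause may be ambiguous or still bind to the old library. I would drop the two stale lines and keep only `import python`, `import experimental.semmle.python.security.ZipSlip` and `import DataFlow::PathGraph`. The removed `isSanitizer` treated any subscript on a call whose attribute name matches `%path` as sanitized; the library is not visible here, so please confirm it carries the same source, sink and sanitizer definitions, otherwise this CWE-022 query's results change silently with the rename. The top of the file lies outside the hunk, so I cannot tell whether `import python` is already present above line 19.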
