1 parent 3b8c7e8 commit 23bd53a
1 file changed
python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_good.py
@@ -1,4 +1,6 @@
1
import zipfile
2
+import tarfile
3
+import shutil
4
5
def unzip(filename, dir):
6
zf = zipfile.ZipFile(filename)
@@ -8,3 +10,11 @@ def unzip(filename, dir):
8
10
def unzip1(filename, dir):
9
11
12
zf.extract(dir)
13
+
14
+def unzip2(filename):
15
+ with tarfile.open(filename) as tar:
16
+ for entry in tar:
17
+ #GOOD: Check that entry is safe
18
+ if os.path.isabs(entry.name) or ".." in entry.name:
19
+ raise ValueError("Illegal tar archive entry")
20
+ shutil.copy(entry, "/tmp/unpack/")
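Review bot: `unzip2` calls `os.path.isabs`, but the only imports visible in the first hunk are `zipfile`, `tarfile` and `shutil`, so unless `os` is imported in lines the hunks do not show, the function fails with a NameError when run; add `import os` beside the other imports. The guard inspects only `entry.name`: the substring test `".." in entry.name` also rejects harmless names such as `a..b`, and nothing looks at `entry.linkname` for symlink or hard-link members. The comment would therefore be more accurate as `# GOOD: reject absolute names and names containing ".." (link targets are not checked)`. `shutil.copy(entry, "/tmp/unpack/")` receives a `TarInfo` rather than a path, presumably only to give the query a sink; if this fixture is also meant to read as a working example, `tar.extract(entry, "/tmp/unpack/")` is the call that would actually write the member.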