Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 25a7fcf

Browse files
Sim4n6Sim4n6
committed
Add an additional taint step
1 parent d6fa745 commit 25a7fcf

1 file changed

Lines changed: 8 additions & 1 deletion

File tree

python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ class AllTarfileOpens extends API::CallNode {
5555
class Configuration extends TaintTracking::Configuration {
5656
Configuration() { this = "TarSlip" }
5757

58-
override predicate isSource(DataFlow::Node source) { source instanceof AllTarfileOpens }
58+
override predicate isSource(DataFlow::Node source) { source = tarfileOpen().getACall() }
5959

6060
override predicate isSink(DataFlow::Node sink) {
6161
// A sink capturing method calls to `extractall` without `members` argument.
@@ -99,6 +99,13 @@ class Configuration extends TaintTracking::Configuration {
9999
nodeFrom = call.getObject() and
100100
nodeTo = call
101101
)
102+
or
103+
exists(DataFlow::CallCfgNode closing |
104+
closing = API::moduleImport("contextlib").getMember("closing").getACall() and
105+
nodeFrom = closing.getArg(0) and
106+
nodeFrom = tarfileOpen().getACall() and
107+
nodeTo = closing
108+
)
102109
}
103110
}
104111

0 commit comments

Comments
 (0)