Thanks to visit codestin.com Credit goes to github.com
We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 27b9d6c commit 475cca0Copy full SHA for 475cca0
1 file changed
python/ql/src/experimental/semmle/python/security/ZipSlip.qll
@@ -13,7 +13,9 @@ class ZipSlipConfig extends TaintTracking::Configuration {
13
source = API::moduleImport("bz2").getMember("open").getACall() or
14
source = API::moduleImport("bz2").getMember("BZ2File").getACall() or
15
source = API::moduleImport("gzip").getMember("GzipFile").getACall() or
16
- source = API::moduleImport("gzip").getMember("open").getACall()
+ source = API::moduleImport("gzip").getMember("open").getACall() or
17
+ source = API::moduleImport("lzma").getMember("open").getACall() or
18
+ source = API::moduleImport("lzma").getMember("LZMAFile").getACall()
19
}
20
21
override predicate isSink(DataFlow::Node sink) {
0 commit comments