Update ZipSlip.qll

ahmed-farid-dev · web-flow · commit 5e14d89714dd · 2022-03-03T17:12:06.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/security/ZipSlip.qll b/python/ql/src/experimental/semmle/python/security/ZipSlip.qll
@@ -6,7 +6,7 @@ import semmle.python.dataflow.new.TaintTracking
 class ZipSlipConfig extends TaintTracking::Configuration {
   ZipSlipConfig() { this = "ZipSlipConfig" }
 
-  override predicate isSource(DataFlow::Node source) { source = any(OpenFile openfile).getAPathArgument() }
+  override predicate isSource(DataFlow::Node source) { source = any(CopyFile copyfile).getAPathArgument() }
 
   override predicate isSink(DataFlow::Node sink) { sink = any(ZipFile zipfile).getAnInput() }
 }

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import semmle.python.dataflow.new.TaintTracking`
`6`	`6`	`class ZipSlipConfig extends TaintTracking::Configuration {`
`7`	`7`	`ZipSlipConfig() { this = "ZipSlipConfig" }`
`8`	`8`
`9`		`- override predicate isSource(DataFlow::Node source) { source = any(OpenFile openfile).getAPathArgument() }`
	`9`	`+ override predicate isSource(DataFlow::Node source) { source = any(CopyFile copyfile).getAPathArgument() }`
`10`	`10`
`11`	`11`	`override predicate isSink(DataFlow::Node sink) { sink = any(ZipFile zipfile).getAnInput() }`
`12`	`12`	`}`