Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8649375

Browse files
ahmed-farid-devahmed-farid-dev
authored
Update ZipSlip.qll
1 parent 91b5f2a commit 8649375

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

  • python/ql/src/experimental/semmle/python/security

python/ql/src/experimental/semmle/python/security/ZipSlip.qll

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,11 @@ import semmle.python.dataflow.new.TaintTracking
66
class ZipSlipConfig extends TaintTracking::Configuration {
77
ZipSlipConfig() { this = "ZipSlipConfig" }
88

9-
override predicate isSource(DataFlow::Node source) { source = any(CopyFile copyfile).getAPathArgument() }
10-
11-
override predicate isSink(DataFlow::Node sink) { sink = any(ZipFile zipfile).getAnInput() }
9+
override predicate isSource(DataFlow::Node source) {
10+
source = API::moduleImport("zipfile").getMember("ZipFile").getACall()
11+
}
12+
13+
override predicate isSink(DataFlow::Node sink) {
14+
sink = any(CopyFile copyfile).getAPathArgument()
15+
}
1216
}

0 commit comments

Comments
 (0)