Update zipslip_bad.py

ahmed-farid-dev · web-flow · commit 8dea7248ea14 · 2022-03-24T00:34:52.000+01:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py
@@ -5,34 +5,33 @@
 import zipfile
 
 def unzip(filename):
-
-   with tarfile.open(filename) as zipf:
+    with tarfile.open(filename) as zipf:
     #BAD : This could write any file on the filesystem.
-      for entry in zipf:
-          shutil.move(entry, "/tmp/unpack/")
+        for entry in zipf:
+            shutil.move(entry, "/tmp/unpack/")
           
 def unzip1(filename):
-   with gzip.open(filename) as zipf:
+    with gzip.open(filename) as zipf:
     #BAD : This could write any file on the filesystem.
-      for entry in zipf:
-          shutil.copy2(entry, "/tmp/unpack/")
+        for entry in zipf:
+            shutil.copy2(entry, "/tmp/unpack/")
           
 def unzip2(filename):
-   with bz2.open(filename) as zipf:
+    with bz2.open(filename) as zipf:
     #BAD : This could write any file on the filesystem.
-      for entry in zipf:
-          shutil.copyfile(entry, "/tmp/unpack/")
+        for entry in zipf:
+            shutil.copyfile(entry, "/tmp/unpack/")
           
 def unzip3(filename):
-   with zipfile.ZipFile(filename) as zipf:
+    with zipfile.ZipFile(filename) as zipf:
     #BAD : This could write any file on the filesystem.
-      for entry in zipf:
-          shutil.copy(entry, "/tmp/unpack/")
+        for entry in zipf:
+            shutil.copy(entry, "/tmp/unpack/")
 
 def unzip4(filename):
-   with zipfile.ZipFile(filename) as zipf:
-      for entry in zipf:
-         with open(entry, 'wb') as dstfile:
-            shutil.copyfileobj(zipf, dstfile)
+    with zipfile.ZipFile(filename) as zipf:
+        for entry in zipf:
+            with open(entry, 'wb') as dstfile:
+                shutil.copyfileobj(zipf, dstfile)
           
 
