Thanks to visit codestin.com Credit goes to github.com
We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 207ed3d commit 8ef2aa0Copy full SHA for 8ef2aa0
1 file changed
python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
@@ -32,12 +32,13 @@ class UnsafeUnpackingConfig extends TaintTracking::Configuration {
32
or
33
// A source catching an S3 filename download
34
// see boto3: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3.html#S3.Client.download_file
35
- exists(MethodCallNode mcn, Node s3, Node bc |
36
- bc = API::moduleImport("boto3").getMember("client").getACall() and
37
- bc = s3.getALocalSource() and
38
- mcn.calls(s3, "download_file") and
39
- source = mcn.getArg(2)
40
- )
+ source =
+ API::moduleImport("boto3")
+ .getMember("client")
+ .getReturn()
+ .getMember("download_file")
+ .getACall()
41
+ .getArg(2)
42
43
// A source download a file using wget
44
// see wget: https://pypi.org/project/wget/
0 commit comments