Update zipslip_bad.py

ahmed-farid-dev · web-flow · commit 908db6a05fcd · 2022-03-07T00:01:09.000+01:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py
@@ -2,8 +2,8 @@
 import shutil
 
 def unzip(filename):
-  zf = zipfile.ZipFile()
-    with zf.open(filename) as zipf:
+
+   with zipfile.ZipFile(filename) as zipf:
     #BAD : This could write any file on the filesystem.
-       for entry in zipf:
-          shutil.copyfileobj(entry, "/tmp/unpack/")
+      for entry in zipf:
+          shutil.copy(entry, "/tmp/unpack/")
