Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 925f9d0

Browse files
Sim4n6yoff
Sim4n6
and
yoff
authored
Update python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
Co-authored-by: yoff <[email protected]>
1 parent 9163cbe commit 925f9d0

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -101,10 +101,10 @@ class Configuration extends TaintTracking::Configuration {
101101
nodeTo = call
102102
)
103103
or
104-
exists(DataFlow::CallCfgNode closing |
104+
exists(API::CallNode closing |
105105
closing = API::moduleImport("contextlib").getMember("closing").getACall() and
106106
nodeFrom = closing.getArg(0) and
107-
nodeFrom = tarfileOpen().getACall() and
107+
nodeFrom = tarfileOpen().getReturn().getAValueReachingSink() and
108108
nodeTo = closing
109109
)
110110
}

0 commit comments

Comments
 (0)