Commit aef1df1

Create zipslip_bad.py
1 parent c8f73ec commit aef1df1

1 file changed

Lines changed: 9 additions & 0 deletions

  • python/ql/test/experimental/query-tests/Security/CWE-022
@@ -0,0 +1,9 @@
1+
import zipfile
2+
import shutil
3+
4+
5+
zf = zipfile.ZipFile(filename)
6+
with zf.open() as zipf:
7+
#BAD : This could write any file on the filesystem.
8+
for entry in zipf:
9+
shutil.copy(entry, "/tmp/unpack/")
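
Review bot: `zf.open()` on diff line 6 is called without a member name, and the loop on line 8 then iterates the lines of that opened member, so `entry` is never an archive entry name and the sample does not model the flow the `#BAD` comment describes. `ZipFile.open` requires a name argument and `filename` on line 5 is never defined, so the script fails before it reaches the sink. Consider iterating `zf.namelist()` (or `zf.infolist()`) and letting the entry name reach the destination path: as written, `shutil.copy(entry, "/tmp/unpack/")` has a directory destination, so only the base name of `entry` is used and the write always lands inside `/tmp/unpack/`, which contradicts "could write any file on the filesystem". A short comment on line 9 stating which expression the query is expected to flag would also help whoever maintains this test.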
