Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ddba3b7

Browse files
ahmed-farid-devahmed-farid-dev
authored
Update ZipSlip.qll
1 parent 0fac4f1 commit ddba3b7

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

  • python/ql/src/experimental/semmle/python/security

python/ql/src/experimental/semmle/python/security/ZipSlip.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,8 @@ class ZipSlipConfig extends TaintTracking::Configuration {
88
ZipSlipConfig() { this = "ZipSlipConfig" }
99

1010
override predicate isSource(DataFlow::Node source) {
11-
source = API::moduleImport("zipfile").getMember("ZipFile").getACall() or
11+
source.asCfgNode().(CallNode).getFunction().(AttrNode).getObject("open").pointsTo().getClass() = Module::named("zipfile").attr("ZipFile") or
12+
source.asCfgNode().(CallNode).getFunction().(AttrNode).getObject("namelist").pointsTo().getClass() = Module::named("zipfile").attr("ZipFile") or
1213
source = API::moduleImport("tarfile").getMember("open").getACall() or
1314
source = API::moduleImport("tarfile").getMember("TarFile").getACall() or
1415
source = API::moduleImport("bz2").getMember("open").getACall() or
@@ -20,6 +21,7 @@ class ZipSlipConfig extends TaintTracking::Configuration {
2021
}
2122

2223
override predicate isSink(DataFlow::Node sink) {
23-
sink = any(CopyFile copyfile).getAPathArgument()
24+
sink = any(CopyFile copyfile).getAPathArgument() or
25+
sink = any(CopyFile copyfile).getfsrcArgument()
2426
}
2527
}

0 commit comments

Comments
 (0)