Update zipslip_bad.py

ahmed-farid-dev · web-flow · commit e8449d8f403a · 2022-03-07T00:23:03.000+01:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-022/zipslip_bad.py
@@ -7,3 +7,11 @@ def unzip(filename):
     #BAD : This could write any file on the filesystem.
       for entry in zipf:
           shutil.copy(entry, "/tmp/unpack/")
+          
+def unzip1(filename):
+
+
+   with zipfile.ZipFile(filename) as zipf:
+      for entry in zipf:
+         with open(entry, 'wb') as dstfile:
+            shutil.copyfileobj(zipf, dstfile)
