File tree Expand file tree Collapse file tree 1 file changed +4
-11
lines changed
python/ql/lib/semmle/python/security/dataflow Expand file tree Collapse file tree 1 file changed +4
-11
lines changed Original file line number Diff line number Diff line change @@ -84,26 +84,19 @@ module TarSlip {
8484 * A sink capturing method calls to `extractall`.
8585 *
8686 * For a call to `file.extractall`, `file` is considered a sink if
87- *
88- * - there are no other arguments, or
89- * - there are other arguments (except `members`), and the extraction filter is unsafe.
87+ * there is no `members` argument and the extraction filter is unsafe.
9088 */
9189 class ExtractAllSink extends Sink {
9290 ExtractAllSink ( ) {
93- exists ( DataFlow :: CallCfgNode call |
91+ exists ( API :: CallNode call |
9492 call =
9593 API:: moduleImport ( "tarfile" )
9694 .getMember ( "open" )
9795 .getReturn ( )
9896 .getMember ( "extractall" )
9997 .getACall ( ) and
100- (
101- not exists ( call .getArg ( _) ) and
102- not exists ( call .getArgByName ( _) )
103- or
104- hasUnsafeFilter ( call )
105- ) and
106- not exists ( call .getArgByName ( "members" ) ) and
98+ hasUnsafeFilter ( call ) and
99+ not exists ( call .getParameter ( 2 , "members" ) ) and
107100 this = call .( DataFlow:: MethodCallNode ) .getObject ( )
108101 )
109102 }
You can’t perform that action at this time.
0 commit comments