Skip to content

Commit 8e11c2c

Browse files
yoffyoff
authored
Merge pull request #7259 from RasmusWL/even-more-path-injection-sinks
Python: Add more path-injection sinks from `os` and `tempfile` modules
2 parents 9ffa236 + cbd7434 commit 8e11c2c

File tree

6 files changed

+981
-74
lines changed

6 files changed

+981
-74
lines changed

python/change-notes/2021-11-16-os-stat.md

Lines changed: 0 additions & 2 deletions
This file was deleted.

python/change-notes/2021-11-26-os-file-access.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

python/change-notes/2021-11-26-tempfile-file-access.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

0 commit comments

Comments
 (0)