CodeQL library for Python
codeql/python-all 0.6.5 (changelog, source)
Search

Module TarSlip

Provides default sources, sinks and sanitizers for detecting “tar slip” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.TarSlipCustomizations

Predicates

tarFileInfoSanitizer

Holds if g clears taint for tarInfo.

Classes

ExcludeTarFilePy

A sanitizer based on file name. This because we extract the standard library.

ExtractAllSink

A sink capturing method calls to extractall.

ExtractMembersSink

The members argument extractall is considered a sink.

ExtractSink

An argument to extract is considered a sink.

Sanitizer

A sanitizer for “tar slip” vulnerabilities.

Sink

A data flow sink for “tar slip” vulnerabilities.

Source

A data flow source for “tar slip” vulnerabilities.

TarFileInfoSanitizer

A sanitizer guard heuristic.

TarfileOpen

A call to tarfile.open, considered as a flow source.