CodeQL library for Python
codeql/python-all 0.11.13 (changelog, source)

Module TarSlip

Provides default sources, sinks and sanitizers for detecting “tar slip” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.TarSlipCustomizations

Predicates

tarFileInfoSanitizer

Holds if g clears taint for tarInfo.

Classes

ExcludeTarFilePy

A sanitizer based on file name: it excludes the standard library's own tarfile.py. This is needed because the standard library is extracted as well, and the tarfile implementation itself would otherwise be reported.

ExtractAllSink

A sink capturing method calls to extractall.

ExtractMembersSink

The members argument of extractall is considered a sink.

ExtractSink

An argument to extract is considered a sink.

Sanitizer

A sanitizer for “tar slip” vulnerabilities.

Sink

A data flow sink for “tar slip” vulnerabilities.

Source

A data flow source for “tar slip” vulnerabilities.

TarFileInfoSanitizer

A sanitizer guard heuristic.

TarfileOpen

A call to tarfile.open, considered as a flow source.