CodeQL library for Python
codeql/python-all 2.1.3-dev

Predicate TarSlip::tarFileInfoSanitizer

Holds if g clears taint for tarInfo.

A test of the form if <check_path>(info.name) should clear taint for info, where <check_path> is any function whose name matches the pattern "%path". info is assumed to be a TarInfo instance.

Import path

import semmle.python.security.dataflow.TarSlipCustomizations
predicate tarFileInfoSanitizer(GuardNode g, ControlFlowNode tarInfo, boolean branch)
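
An added example (not part of the CodeQL library or its documentation) of Python code with the guard shape this predicate describes: a call to a function whose name ends in "path", here the hypothetical is_safe_path, with info.name as an argument. Because the match is on the function's name, the check itself has to be sound; the sample archive, the realpath/commonpath containment test and the restriction to regular files are assumptions of this example.

```python
import io
import os
import tarfile
import tempfile


def is_safe_path(name, dest):
    """True if `name`, joined to `dest`, still resolves inside `dest`."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) == root


def build_sample_archive():
    """Constructed sample: one benign member and one that climbs out of dest."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())


def extract_checked(fileobj, dest):
    """Extract members that pass the guard; return (extracted, skipped)."""
    extracted, skipped = [], []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for info in tar:
            # Guard in the documented shape: <check_path>(info.name).
            if is_safe_path(info.name, dest):
                # Assumption: only regular files are wanted; links are skipped.
                if info.isfile():
                    tar.extract(info, dest)
                    extracted.append(info.name)
                    continue
            skipped.append(info.name)
    return extracted, skipped


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        extracted, skipped = extract_checked(build_sample_archive(), dest)
        landed = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
        escaped = os.path.exists(os.path.join(tmp, "outside.txt"))
        return extracted, skipped, landed, escaped
```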