File tree 1 file changed +2
-3
lines changed
python/ql/src/experimental/Security/CWE-022
1 file changed +2
-3
lines changed Original file line number Diff line number Diff line change @@ -28,8 +28,7 @@ written to <code>c:\sneaky-file</code>.</p>
2828<p >Ensure that output paths constructed from Zip archive entries are validated
2929to prevent writing files to unexpected locations.</p >
3030
31- <p >The recommended way of writing an output file from a Zip archive entry is to use
32- this function instead of <code >extract()</code > or <code >extractall()</code >.
31+ <p >The recommended way of writing an output file from a Zip archive entry is to call <code >extract()</code > or <code >extractall()</code >.
3332</p >
3433
3534</recommendation >
@@ -41,7 +40,7 @@ In this example an archive is extracted without validating file paths.
4140
4241<sample src =" zipslip_bad.py"
4342
44- <p >To fix this vulnerability, we need to this function <code >extractall()</code >.
43+ <p >To fix this vulnerability, we need to call the function <code >extractall()</code >.
4544</p >
4645
4746<sample src =" zipslip_good.py"
You can’t perform that action at this time.
0 commit comments