taint-analysis

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Description

The class ZipEntry describe one file inside a Zip archive. getName() return the file name from this file. It could contain a malicious string such as "../../../". If the value is used to build a file path, it could lead to a

taint-analysis

Here are 43 public repositories matching this topic...

facebook / pyre-check

vimeo / psalm

python-security / pyt

Support class-based views

Improve test coverage from 91% to 100%

Add docstrings to everything

JonathanSalwan / Triton

find-sec-bugs / find-sec-bugs

Potential path traversal when using filename from Zip archive

Description

WebEngine / JSObject.setMember while embedding untrusted content

SECRD ReDOS false negative with javax.validation.constraints.Pattern

BinaryAnalysisPlatform / bap

airbus-seclab / bincat

AngoraFuzzer / Angora

decaf-project / DECAF

JonathanSalwan / Tigress_protection

wmkhoo / taintgrind

GlacierW / MBA

AngoraFuzzer / libdft64

feliam / klee-taint

brainsmoke / minemu

vanhauser-thc / dynTaintTracer

akwick / gotcha

DhavalKapil / stack-guard

decaf-project / Droidscope

agustingianni / instrumentation

wikimedia / phan-taint-check-plugin

mnavaki / PIITracker

mnavaki / FAROS

andreafioraldi / taint-with-frida

teambi0s / secREtary

aronszanto / wasm-taint-tracking

Invizory / taintflow

jjanczur / Saluki

JetBrains-Research / CoFRA

enzet / program-model

Improve this page

Add this topic to your repo