python: More helpful comment

yoff · web-flow · commit cf9b69b5f24d · 2022-06-30T13:07:13.000Z
diff --git a/python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll
@@ -119,7 +119,7 @@ module TarSlip {
       attr.getName() = "name" and
       attr.getObject() = tarInfo
     |
-      // Assume that any test with "path" in it is a sanitizer
+      // The assumption that any test that matches %path is a sanitizer might be too broad.
       call.getAChild*().(AttrNode).getName().matches("%path")
       or
       call.getAChild*().(NameNode).getId().matches("%path")

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ module TarSlip {`
`119`	`119`	`attr.getName() = "name" and`
`120`	`120`	`attr.getObject() = tarInfo`
`121`	`121`	`\|`
`122`		`- // Assume that any test with "path" in it is a sanitizer`
	`122`	`+ // The assumption that any test that matches %path is a sanitizer might be too broad.`
`123`	`123`	`call.getAChild*().(AttrNode).getName().matches("%path")`
`124`	`124`	`or`
`125`	`125`	`call.getAChild*().(NameNode).getId().matches("%path")`