Archives

PyZlib

The zlib module for compression. zlib.decompress() on untrusted input can consume unbounded memory (zip bomb / decompression amplification). Cap the output with the max_length argument of a streaming decompressor (see .decompressobj() below).

Taint flow: 0 sources, 1 sink
Sinks (dangerous call): .decompress()

Sinks

.decompress() [Sink]

Signature
zlib.decompress(data: bytes, wbits=MAX_WBITS, bufsize=DEF_BUF_SIZE) -> bytes

Decompresses zlib / deflate data in one call and returns the whole output. Decompression-bomb sink on untrusted input without a length cap: bufsize only sets the initial output buffer size, it does not limit how much output is produced.

tracks: 0

Other Methods

.decompressobj() [Neutral]

Signature
zlib.decompressobj(wbits=MAX_WBITS, zdict=b'') -> Decompress

Returns a streaming Decompress object. Call its .decompress(data, max_length) to cap the number of bytes returned per call; input that could not be consumed because of the cap is kept in .unconsumed_tail and must be fed back in on the next call.
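The bounded-decompression pattern the sink description and this method refer to, as an added example (not code from the codepathfinder project or the page): a streaming Decompress object is driven with max_length so that the caller, not the compression ratio of the input, decides how much memory is allocated. The BOMB input is constructed here (8 MiB of zeros compressed to a few KiB) as a small stand-in for a decompression bomb; the exception class names and the max_output parameter are this example's own.

```python
import zlib

# Constructed sample input (not from the page): 8 MiB of zero bytes.
# It compresses to a few KiB, so it behaves like a small decompression bomb:
# zlib.decompress(BOMB) would allocate the full 8 MiB in a single call.
BOMB = zlib.compress(b"\x00" * (8 * 1024 * 1024))


class DecompressionLimitExceeded(ValueError):
    """Raised when the decompressed output would exceed the configured cap."""


class TruncatedStream(ValueError):
    """Raised when the input ends before the zlib stream does."""


def decompress_bounded(data: bytes, max_output: int) -> bytes:
    """Decompress zlib/deflate data, refusing to emit more than max_output bytes.

    Uses a streaming Decompress object and its max_length argument so the
    memory allocated per call is bounded by the caller rather than by the
    compression ratio of attacker-controlled input.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while True:
        # Ask for at most one byte more than we are willing to keep; if that
        # extra byte arrives, the stream is larger than the cap allows.
        room = max_output - len(out) + 1
        piece = d.decompress(pending, room)
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"decompressed output exceeds {max_output} bytes")
        # Input left unconsumed because the cap was hit is kept here and
        # must be fed back in on the next call.
        pending = d.unconsumed_tail
        if d.eof:
            return bytes(out)
        if not piece and not pending:
            # No output, no input left and no end-of-stream marker: truncated.
            raise TruncatedStream("input ended before the zlib stream did")


if __name__ == "__main__":
    print(f"compressed size: {len(BOMB)} bytes")
    print(f"within cap: {len(decompress_bounded(BOMB, 16 * 1024 * 1024))} bytes")
    try:
        decompress_bounded(BOMB, 1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print(f"rejected: {exc}")
```

Asking for max_output + 1 bytes rather than max_output avoids a false rejection when the stream decompresses to exactly the cap: the stream is only rejected once a byte beyond the cap actually appears. The same loop shape applies to gzip (wbits=31) and raw deflate (negative wbits) streams, since the cap is enforced by the Decompress object rather than by the container format.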

Fully-Qualified Names

FQN     Field
zlib    fqns[0]

A wrong FQN yields 0 findings. Verify this by changing fqns to a garbage value: the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyZlib