From: Lennart Poettering
Date: Fri, 6 Jun 2025 13:56:46 +0000 (+0200)
Subject: codeql: taint basename()
X-Git-Tag: v258-rc1~367
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52c9a3c39252b870636391a6f34317a9d5cfba98;p=thirdparty%2Fsystemd.git

codeql: taint basename()
---

diff --git a/.github/codeql-queries/PotentiallyDangerousFunction.ql b/.github/codeql-queries/PotentiallyDangerousFunction.ql
index d5a5635c356..40e2bbb6f9e 100644
--- a/.github/codeql-queries/PotentiallyDangerousFunction.ql
+++ b/.github/codeql-queries/PotentiallyDangerousFunction.ql
@@ -49,6 +49,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
 ) or (
 f.getQualifiedName() = "dirname" and
 message = "Call dirname() is icky. Use path_extract_directory() instead."
+ ) or (
+ f.getQualifiedName() = "basename" and
+ message = "Call basename() is icky. Use path_extract_filename() instead."
 )
 }
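Review bot: The new `basename` disjunct compares the resolved function name, so it may miss the POSIX variant: glibc's `<libgen.h>` defines `basename` as a macro for `__xpg_basename`, and a call compiled with that header would likely resolve to that symbol instead. If the analysed build can pull in `<libgen.h>`, consider `f.getQualifiedName() = ["basename", "__xpg_basename"] and` so both variants are flagged. The message could also say why the call is discouraged rather than "icky", for example that the two variants differ in whether they may modify their argument and in how they treat trailing slashes. The predicate begins before this hunk, so the earlier disjuncts are not visible here.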