Convert one zip slip barrier to MaD

owen-mc · owen-mc · commit 9d00fd73e3a8 · 2025-12-16T17:38:49.000Z
diff --git a/go/ql/lib/ext/archive.zip.model.yml b/go/ql/lib/ext/archive.zip.model.yml
@@ -1,4 +1,9 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: barrierModel
+    data:
+      - ["archive/zip", "File", True, "Open", "", "", "ReturnValue[0]", "go/zipslip", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
diff --git a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll
@@ -53,18 +53,6 @@ module ZipSlip {
     }
   }
 
-  /**
-   * A zipped file, excluded from for zip slip.
-   */
-  class ZipFileOpen extends Sanitizer {
-    ZipFileOpen() {
-      this =
-        any(DataFlow::MethodCallNode mcn |
-          mcn.getTarget().hasQualifiedName("archive/zip", "File", "Open")
-        ).getResult(0)
-    }
-  }
-
   /** A path-traversal sink, considered as a taint sink for zip slip. */
   class TaintedPathSinkAsSink extends Sink instanceof TaintedPath::Sink {
     TaintedPathSinkAsSink() {
