fix(go1.21.0): fix download bug with 1.21.0
Ankit Charolia committed Aug 16, 2023
1 parent 0af7088 commit 6116c1d
Showing 1 changed file with 28 additions and 22 deletions.
50 changes: 28 additions & 22 deletions main.go
@@ -135,26 +135,25 @@ func installGoVersion(version string) {

// Extract the archive to the desired installation location
installPath := filepath.Join(os.Getenv("HOME"), ".go", version)
err = extractTarGz(reader, installPath)
if err != nil {
log.Fatalf("Failed to extract Go version: %v", err)
if err := extractAndCopy(reader, installPath); err != nil {
log.Fatalf("Failed to extract and copy: %v", err)
}

bar.Finish()
fmt.Printf("Go version %s is installed at %s.\n", version, installPath)
}

// extractTarGz extracts the contents of a tar.gz archive to the specified directory.
func extractTarGz(src io.Reader, dest string) error {
gzr, err := gzip.NewReader(src)
func extractAndCopy(reader io.Reader, destination string) error {
gzr, err := gzip.NewReader(reader)
if err != nil {
return err
}
defer gzr.Close()

tr := tar.NewReader(gzr)
baseDir := ""

var baseDir string // To handle cases where the archive contains a single top-level directory
for {
header, err := tr.Next()

Check failure

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
.
if err == io.EOF {
@@ -174,25 +173,32 @@ func extractTarGz(src io.Reader, dest string) error {
baseDir = filepath.Dir(header.Name)
}

// Extract the files and directories to the correct location
path := filepath.Join(dest, strings.TrimPrefix(header.Name, baseDir))
switch header.Typeflag {
case tar.TypeDir:
err = os.MkdirAll(path, os.ModePerm)
if err != nil {
return err
}
case tar.TypeReg:
file, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
if err != nil {
return err
}
defer file.Close()
// Construct the destination path
destPath := filepath.Join(destination, strings.TrimPrefix(header.Name, baseDir))

_, err = io.Copy(file, tr)
if err != nil {
// Create directories if needed
if header.Typeflag == tar.TypeDir {
if err := os.MkdirAll(destPath, os.FileMode(header.Mode)); err != nil {
return err
}
continue
}

// Create the parent directory if needed
if err := os.MkdirAll(filepath.Dir(destPath), 0755); err != nil {
return err
}

// Create and copy the file
file, err := os.OpenFile(destPath, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
if err != nil {
return err
}
defer file.Close()

_, err = io.Copy(file, tr)
if err != nil {
return err
}
}
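Review bot: `defer file.Close()` in the second hunk sits inside the `for` loop, so every extracted file stays open until extractAndCopy returns. A release archive with many entries can therefore exhaust the process file-descriptor limit, and a failed close (a lost write) is never reported. Close each file right after `io.Copy` and return its error, and add `os.O_TRUNC` to the `os.OpenFile` flags so that reinstalling over an existing tree cannot leave stale trailing bytes in a file that became shorter. The hunk also drops the old `switch header.Typeflag`, so unless the collapsed lines filter them out, symlink and other non-regular entries are now written as regular files; skipping every entry that is not `tar.TypeReg` would be safer. The loop and the function continue outside the hunk.

```go
// … unchanged: destPath construction, directory and parent-directory creation …
file, err := os.OpenFile(destPath, os.O_CREATE|os.O_RDWR|os.O_TRUNC, os.FileMode(header.Mode))
if err != nil {
	return err
}
_, err = io.Copy(file, tr)
if cerr := file.Close(); err == nil {
	err = cerr // surface a failed flush instead of dropping it
}
if err != nil {
	return err
}
```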

