Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix zipslip
  • Loading branch information
cokeBeer committed Nov 14, 2022
1 parent 965e4f0 commit d7b94fe
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions fsutil/operate.go
Expand Up @@ -2,11 +2,13 @@ package fsutil

import (
"archive/zip"
"fmt"
"io"
"io/ioutil"
"os"
"path"
"path/filepath"
"strings"
)

// Mkdir alias of os.MkdirAll()
Expand Down Expand Up @@ -317,7 +319,13 @@ func Unzip(archive, targetDir string) (err error) {
}

for _, file := range reader.File {

if strings.Contains(file.Name, "..") {
return fmt.Errorf("illegal file path in zip: %v", file.Name)
}

fullPath := filepath.Join(targetDir, file.Name)

if file.FileInfo().IsDir() {
err = os.MkdirAll(fullPath, file.Mode())
if err != nil {
Expand Down

0 comments on commit d7b94fe

Please sign in to comment.