Changes from feedback

redhat-developer · May 1, 2020 · dca7532 · dca7532
1 parent 4968786
commit dca7532
Showing 1 changed file with 38 additions and 13 deletions.
diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -801,7 +801,8 @@ func GetGitHubZipURL(repoURL string) (string, error) {
 }
 
 // GetAndExtractZip downloads a zip file from a URL with a http prefix or
-// takes an absolute path prefixed with file:// and extracts it to a destination
+// takes an absolute path prefixed with file:// and extracts it to a destination.
+// pathToUnzip specifies the path within the zip folder to extract
 func GetAndExtractZip(zipURL string, destination string, pathToUnzip string) error {
 	if zipURL == "" {
 		return errors.Errorf("Empty zip url: %s", zipURL)
@@ -842,15 +843,16 @@ func GetAndExtractZip(zipURL string, destination string, pathToUnzip string) err
 	}
 
 	if len(filenames) == 0 {
-		return errors.Errorf("No files were unzipped, ensure that the project repo is not empty or that sparseCheckoutDir has a valid path")
+		return errors.New("No files were unzipped, ensure that the project repo is not empty or that sparseCheckoutDir has a valid path")
 	}
 
 	return nil
 }
 
-// Unzip will decompress a zip archive, moving all files and folders
-// within the zip file (parameter 1) to an output directory (parameter 2).
+// Unzip will decompress a zip archive, moving specified files and folders
+// within the zip file (parameter 1) to an output directory (parameter 2)
 // Source: https://golangcode.com/unzip-files-in-go/
+// pathToUnzip (parameter 3) is the path within the zip folder to extract
 func Unzip(src, dest, pathToUnzip string) ([]string, error) {
 	var filenames []string
 
@@ -867,12 +869,6 @@ func Unzip(src, dest, pathToUnzip string) ([]string, error) {
 		if filename == "" {
 			continue
 		}
-		fpath := filepath.Join(dest, filename)
-
-		// Check for ZipSlip. More Info: http://bit.ly/2MsjAWE
-		if !strings.HasPrefix(fpath, filepath.Clean(dest)+string(os.PathSeparator)) {
-			return filenames, fmt.Errorf("%s: illegal file path", fpath)
-		}
 
 		// if sparseCheckoutDir has a pattern
 		match, err := filepath.Match(pathToUnzip, filename)
@@ -883,12 +879,31 @@ func Unzip(src, dest, pathToUnzip string) ([]string, error) {
 		// removes first slash of pathToUnzip if present
 		pathToUnzip = strings.TrimPrefix(pathToUnzip, "/")
 
+		// destination filepath before trim
+		fpath := filepath.Join(dest, filename)
+
+		// used for pattern matching
+		fpathDir := filepath.Dir(fpath)
+
 		// check for prefix or match
-		if strings.HasPrefix(filename, pathToUnzip) || match {
-			filenames = append(filenames, fpath)
-		} else {
+		if strings.HasPrefix(filename, pathToUnzip) {
+			filename = strings.TrimPrefix(filename, pathToUnzip)
+		} else if !strings.HasPrefix(filename, pathToUnzip) && !match && !sliceContainsString(fpathDir, filenames) {
 			continue
 		}
+		// adds trailing slash to destination if needed as filepath.Join removes it
+		if (len(filename) == 1 && os.IsPathSeparator(filename[0])) || len(filename) == 0 {
+			fpath = dest + string(os.PathSeparator)
+		} else {
+			fpath = filepath.Join(dest, filename)
+		}
+		// Check for ZipSlip. More Info: http://bit.ly/2MsjAWE
+		if !strings.HasPrefix(fpath, filepath.Clean(dest)+string(os.PathSeparator)) {
+			return filenames, fmt.Errorf("%s: illegal file path", fpath)
+		}
+
+		filenames = append(filenames, fpath)
+
 		if f.FileInfo().IsDir() {
 			// Make Folder
 			if err = os.MkdirAll(fpath, os.ModePerm); err != nil {
@@ -998,3 +1013,13 @@ func CheckKubeConfigExist() bool {
 
 	return false
 }
+
+// sliceContainsString checks for existence of given string in given slice
+func sliceContainsString(str string, slice []string) bool {
+	for _, b := range slice {
+		if b == str {
+			return true
+		}
+	}
+	return false
+}