### Summary

The package does not check whether symlinks contained in an archive point to paths outside the extraction directory.

### Steps to Reproduce

1. Generate `payload.zip` using the following code:

2. Extract `payload.zip` using `unzipItem`:

```swift
import Foundation
import ZIPFoundation

let fileManager = FileManager()
// Archive holding the crafted symlink entry, and the directory to extract it into
let sourceURL = URL(fileURLWithPath: "/path/to/payload.zip")
let destinationURL = URL(fileURLWithPath: "/path/to/")

do {
    try fileManager.createDirectory(at: destinationURL, withIntermediateDirectories: true, attributes: nil)
    try fileManager.unzipItem(at: sourceURL, to: destinationURL)
} catch {
    print("Extraction of ZIP archive failed with error: \(error)")
}
```

### Expected Results

`evil_symlink` is not linked back after extraction: a symlink entry whose target lies outside the extraction directory is rejected rather than recreated.

### Actual Results

`evil_symlink` is linked back after extraction: the symlink is created with its original target, which points outside the extraction directory.

### Technical details

Upon extraction, the package passes the link target taken from the zip entry directly to `fileManager.createSymbolicLink` without checking that it resolves to a location within the extraction directory.
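The missing containment check, shown as an added Python example written for this page (it is not ZIPFoundation's Swift code and not the reporter's payload generator): the block builds a constructed `payload.zip` holding a regular file, a benign symlink, and a symlink entry named `evil_symlink` whose target escapes the extraction directory, then extracts it while validating every symlink target against the destination tree. The function names `build_payload`, `resolved_link_target`, `extract_checked` and `demo`, and the target `../../outside_the_tree`, are assumptions chosen here for illustration.

```python
import os
import stat
import tempfile
import zipfile

# Added example, not ZIPFoundation code. Constructed payload target that
# escapes two directory levels above the extraction directory.
LINK_TARGET_OUTSIDE = "../../outside_the_tree"


def build_payload(zip_path):
    """Write a constructed archive: one regular file, one safe symlink, and
    one symlink ("evil_symlink") whose target leaves the extraction tree."""
    with zipfile.ZipFile(zip_path, "w") as zf:
        zf.writestr("data.txt", "hello\n")
        for name, target in (("good_link", "data.txt"),
                             ("evil_symlink", LINK_TARGET_OUTSIDE)):
            info = zipfile.ZipInfo(name)
            # The Unix mode lives in the high 16 bits of external_attr; S_IFLNK
            # marks the entry as a symlink and the entry's data is the target.
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)


def entry_is_symlink(info):
    """True when the entry's external attributes carry the symlink mode bits."""
    return stat.S_ISLNK(info.external_attr >> 16)


def resolved_link_target(dest_dir, entry_name, target):
    """Return the absolute path the symlink would point to if, and only if,
    that path stays inside dest_dir; return None otherwise."""
    dest_real = os.path.realpath(dest_dir)
    link_path = os.path.realpath(os.path.join(dest_real, entry_name))
    # The link itself must sit inside the tree (the classic ../ in the name).
    if os.path.commonpath([dest_real, link_path]) != dest_real:
        return None
    # Absolute targets are never acceptable inside an extraction directory.
    if os.path.isabs(target):
        return None
    # Relative targets resolve from the link's own directory. realpath also
    # follows links created by earlier entries, so a chained escape through a
    # previously extracted symlink is caught as well.
    candidate = os.path.realpath(os.path.join(os.path.dirname(link_path), target))
    if os.path.commonpath([dest_real, candidate]) != dest_real:
        return None
    return candidate


def extract_checked(zip_path, dest_dir):
    """Extract zip_path into dest_dir. Regular entries go through
    ZipFile.extract; symlink entries are recreated only when their target
    stays inside dest_dir. Returns the names of rejected symlink entries."""
    rejected = []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if not entry_is_symlink(info):
                zf.extract(info, dest_dir)
                continue
            target = zf.read(info).decode("utf-8")
            if resolved_link_target(dest_dir, info.filename, target) is None:
                rejected.append(info.filename)
                continue
            link_path = os.path.join(dest_dir, info.filename)
            os.makedirs(os.path.dirname(link_path), exist_ok=True)
            os.symlink(target, link_path)  # keep the relative target as written
    return rejected


def demo():
    """Build the payload in a scratch directory, extract it with the check,
    and report what happened to each symlink entry."""
    with tempfile.TemporaryDirectory() as scratch:
        zip_path = os.path.join(scratch, "payload.zip")
        dest = os.path.join(scratch, "extracted")
        os.makedirs(dest)
        build_payload(zip_path)
        rejected = extract_checked(zip_path, dest)
        return {
            "rejected": rejected,
            "good_link_created": os.path.islink(os.path.join(dest, "good_link")),
            "good_link_target": os.readlink(os.path.join(dest, "good_link")),
            "evil_symlink_created": os.path.lexists(os.path.join(dest, "evil_symlink")),
        }


if __name__ == "__main__":
    print(demo())
```

The check is applied to the resolved target, not to the raw string: resolving from the link's parent directory and comparing against the real path of the destination is what catches `../` sequences, absolute targets, and targets routed through a symlink that an earlier entry in the same archive already created.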