Skip to content
This repository has been archived by the owner on Feb 20, 2020. It is now read-only.

Commit

Permalink
Bug 1466872: Fix zip slip vulnerability
Browse files Browse the repository at this point in the history 
Ref: https://snyk.io/research/zip-slip-vulnerability
  • Loading branch information
Wander Lairson Costa committed Jun 7, 2018
1 parent 8cece2c commit 23e2a8f
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions aws.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
"io/ioutil"
"log"
Expand Down Expand Up @@ -150,6 +151,11 @@ func Unzip(b []byte, dest string) error {

path := filepath.Join(dest, f.Name)

// Fix for https://snyk.io/research/zip-slip-vulnerability
if !strings.HasPrefix(path, dest) {
return fmt.Errorf("%s: illegal path", f.Name)
}

if f.FileInfo().IsDir() {
os.MkdirAll(path, f.Mode())
} else {
Expand Down

0 comments on commit 23e2a8f

Please sign in to comment.