- try to fix zip-slip
MatrixCrawler committed Apr 8, 2024
1 parent fe07d8b commit 1044535
Showing 1 changed file with 14 additions and 15 deletions.
29 changes: 14 additions & 15 deletions lib/files.go
Expand Up @@ -57,24 +57,23 @@ func Unzip(src string, dest string) ([]string, error) {

for _, f := range r.File {

filePath, _ := filepath.Abs(f.Name)
rc, err := f.Open()
if err != nil {
return filenames, err
}
defer rc.Close()

// Store filename/path for returning and using later on
fpath := filepath.Join(dest, f.Name)
filenames = append(filenames, fpath)
absoluteName, _ := filepath.Abs(f.Name)
if !strings.Contains(f.Name, "..") {
rc, err := f.Open()
if err != nil {
return filenames, err
}
defer rc.Close()

if f.FileInfo().IsDir() {
// Store filename/path for returning and using later on
fpath := filepath.Join(dest, absoluteName)
filenames = append(filenames, fpath)

// Make Folder
_ = os.MkdirAll(fpath, os.ModePerm)
if f.FileInfo().IsDir() {

} else {
if !strings.Contains(filePath, "..") {
// Make Folder
_ = os.MkdirAll(fpath, os.ModePerm)
} else {
// Make File
if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
return filenames, err
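Review bot: The `..` guard added at the top of the loop body is a substring test on `f.Name`, while the destination is now built from `filepath.Abs(f.Name)`, which resolves against the process working directory and drops its error, so `filepath.Join(dest, absoluteName)` nests the whole working-directory path under `dest` rather than producing `dest/<entry>`. The substring test also silently skips legitimate entries such as `a..b.txt`, and the caller gets no error for a rejected entry. I would join the raw name and check containment on the cleaned result before calling `f.Open()`: `fpath := filepath.Join(dest, f.Name)` then `if !strings.HasPrefix(fpath, filepath.Clean(dest)+string(os.PathSeparator)) { return filenames, fmt.Errorf("illegal path in archive: %q", f.Name) }` (assuming `fmt` is imported; `filepath.IsLocal(f.Name)` is an alternative on Go 1.20+). `Unzip` starts and ends outside this hunk, so whether symlink entries and the file-write path are handled safely further down cannot be judged from here.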