Fix code scanning alert #1: Arbitrary file access during archive extr…
…action ("Zip Slip")

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
zulkhair and github-advanced-security[bot] authored Sep 20, 2024
1 parent 69e78c9 commit 181b054
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions common/teacmd/editor.go
@@ -202,7 +202,10 @@ func unzipFile(filename string, targetDir string) error {
var originalDir string
for i, file := range reader.File {
if i == 0 {
originalDir = file.Name
originalDir, err = sanitizeExtractPath(filepath.Dir(targetDir), file.Name)
if err != nil {
return err

Check warning on line 207 in common/teacmd/editor.go


Codecov / codecov/patch

common/teacmd/editor.go#L207

Added line #L207 was not covered by tests
}
}

src, err := file.Open()
@@ -235,7 +238,7 @@ func unzipFile(filename string, targetDir string) error {
dst.Close()
}

if err = os.Rename(filepath.Join(filepath.Dir(targetDir), originalDir), targetDir); err != nil {
if err = os.Rename(originalDir, targetDir); err != nil {
return err
}

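Review bot: Only the first entry's name goes through `sanitizeExtractPath`, in the `if i == 0` branch; the code that builds each entry's destination path sits between the two hunks and is not shown, so it should be confirmed that every `file.Name` in the loop gets the same check before anything is written, since a Zip Slip guard has to cover each entry and not just the one used for the rename. The second hunk's `os.Rename(originalDir, targetDir)` now relies on `sanitizeExtractPath` returning a path already joined to `filepath.Dir(targetDir)`, which is presumably the case but deserves a comment such as `// originalDir is already rooted at filepath.Dir(targetDir)`. The new `return err` is reported as uncovered; a test that passes `unzipFile` an archive whose first entry name resolves outside the target's parent directory and asserts a non-nil error would pin the fix. `unzipFile` starts and ends outside both hunks.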
