Skip to content

Replace archiver library #3729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Replace archiver library #3729

wants to merge 1 commit into from

Conversation

MDrakos
Copy link
Member

@MDrakos MDrakos commented Sep 4, 2025

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2025
View reviewed changes
internal/archiver/archiver.go
return File{}, fmt.Errorf("archive not opened")
}

header, err := tgz.reader.Next()

Check failure

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
@MDrakos MDrakos force-pushed the miked/archives-patch branch from 2f298ec to 4c9b50e Compare September 4, 2025 19:05
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2025
View reviewed changes
@MDrakos MDrakos force-pushed the miked/archives-patch branch from 4c9b50e to 562cdc5 Compare September 4, 2025 20:01
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 4, 2025
View reviewed changes
internal/archiver/archiver.go
func (f File) getHeaderName() (string, error) {
var rawName string
if header, ok := f.Header.(*tar.Header); ok {
rawName = header.Name

Check failure

Code scanning / CodeQL

Arbitrary file write extracting an archive containing symbolic links High

Unresolved path from an archive header, which may point outside the archive root, is used in
symlink creation
Loading
.
internal/archiver/archiver.go
if header, ok := f.Header.(*tar.Header); ok {
rawName = header.Name
} else if header, ok := f.Header.(zip.FileHeader); ok {
rawName = header.Name

Check failure

Code scanning / CodeQL

Arbitrary file write extracting an archive containing symbolic links High

Unresolved path from an archive header, which may point outside the archive root, is used in
symlink creation
Loading
.
internal/archiver/archiver.go
}

// Access file object - path validation happens immediately after
file := z.reader.File[z.currentFile]

Check failure

Code scanning / CodeQL

Arbitrary file access during archive extraction ("Zip Slip") High

Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Unsanitized archive entry, which may contain '..', is used in a
file system operation
Loading
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Test: critical
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MDrakos