Commitc47b437

authored

chore: comment no-lint on gosec for unsafe zip extracting (#20741)

1 parent7c8deaf commitc47b437Copy full SHA for c47b437

File tree

-1

lines changed

-1

lines changed

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ func (l Layout) ExtractArchive(ctx context.Context, logger slog.Logger, fs afero`
`104`	`104`	`returnxerrors.Errorf("refusing to extract to non-local path")`
`105`	`105`	`}`
`106`	`106`
`107`		`-// nolint: gosec //TODO: Use relative paths insidetheworkdir only.`
	`107`	`+// nolint: gosec //Safe to no-lint becausethefilepath.IsLocal check above.`
`108`	`108`	`headerPath:=filepath.Join(l.WorkDirectory(),header.Name)`
`109`	`109`	`if!strings.HasPrefix(headerPath,filepath.Clean(l.WorkDirectory())) {`
`110`	`110`	`returnxerrors.New("tar attempts to target relative upper directory")`

Comments

(0)