aboutsummaryrefslogtreecommitdiffhomepage
path: root/vendor/github.com/hashicorp/go-getter/decompress_zip.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/hashicorp/go-getter/decompress_zip.go')
-rw-r--r--vendor/github.com/hashicorp/go-getter/decompress_zip.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/vendor/github.com/hashicorp/go-getter/decompress_zip.go b/vendor/github.com/hashicorp/go-getter/decompress_zip.go
index a065c07..b0e70ca 100644
--- a/vendor/github.com/hashicorp/go-getter/decompress_zip.go
+++ b/vendor/github.com/hashicorp/go-getter/decompress_zip.go
@@ -42,6 +42,11 @@ func (d *ZipDecompressor) Decompress(dst, src string, dir bool) error {
42 for _, f := range zipR.File { 42 for _, f := range zipR.File {
43 path := dst 43 path := dst
44 if dir { 44 if dir {
45 // Disallow parent traversal
46 if containsDotDot(f.Name) {
47 return fmt.Errorf("entry contains '..': %s", f.Name)
48 }
49
45 path = filepath.Join(path, f.Name) 50 path = filepath.Join(path, f.Name)
46 } 51 }
47 52
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 07:36:14 +0000