codeql/2020-11-04-unsafe-unzip-symlink.md at main - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00

Files

Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory

2022-05-20 10:07:19 -07:00

251 B

Raw Permalink Blame History

lgtm,codescanning

A new query go/unsafe-unzip-symlink has been added. The query checks for extracting symbolic links from an archive without using filepath.EvalSymlinks. This could lead to a file being written outside the destination directory.