mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
3 lines
251 B
Markdown
lgtm,codescanning
* A new query `go/unsafe-unzip-symlink` has been added. The query checks for extracting symbolic links from an archive without using `filepath.EvalSymlinks`. This could lead to a file being written outside the destination directory.
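
The pattern this query looks for, shown from the extraction side as an added example (not code from the CodeQL repository): each entry's parent directory is resolved with `filepath.EvalSymlinks` before anything is written, and a symlink entry is created only if its target stays inside the destination. The names `within`, `resolveEntry` and `extractSymlink` are hypothetical, and rejecting every absolute link target is an assumed policy.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// within reports whether p is root itself or lies below it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveEntry maps an archive entry name to a path under dest, resolving symlinks in the
// parent directory (which must exist) so an earlier link cannot redirect the write.
func resolveEntry(dest, name string) (string, error) {
	root, err := filepath.EvalSymlinks(dest)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(root, name)
	parent, err := filepath.EvalSymlinks(filepath.Dir(candidate))
	if err != nil {
		return "", err
	}
	if !within(root, parent) {
		return "", fmt.Errorf("entry %q resolves outside %s", name, dest)
	}
	return filepath.Join(parent, filepath.Base(candidate)), nil
}

// extractSymlink creates a link only if its target stays in dest (assumed policy: no absolute targets).
func extractSymlink(dest, name, target string) error {
	path, err := resolveEntry(dest, name)
	if err != nil {
		return err
	}
	root, _ := filepath.EvalSymlinks(dest) // already succeeded inside resolveEntry
	if filepath.IsAbs(target) || !within(root, filepath.Join(filepath.Dir(path), target)) {
		return fmt.Errorf("symlink %q -> %q leaves %s", name, target, dest)
	}
	return os.Symlink(target, path)
}

func main() { // constructed input: a link entry whose target points above the destination
	fmt.Println(extractSymlink(os.TempDir(), "demo-link", "../outside"))
}
```

Regular file entries should be opened at the path `resolveEntry` returns rather than at a plain `filepath.Join(dest, name)`, since only the resolved path accounts for links already present in the destination.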