hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js
Erik Krogh Kristensen 7c51dff0f7 share implementation between TaintedPath and ZipSlip
2020-05-20 10:10:04 +02:00

40 lines
954 B
JavaScript
Raw Permalink Blame History

const fs = require('fs');
const unzip = require('unzip');
const path = require('path');
fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = entry.path;
if (fileName.indexOf('..') == -1) {
entry.pipe(fs.createWriteStream(fileName));
}
else {
console.log('skipping bad path', fileName);
}
fs.createWriteStream(path.join(cwd, path.join('/', fileName)));
});
fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = path.normalize(entry.path);
if (path.isAbsolute(fileName)) {
return;
}
if (!fileName.startsWith(".")) {
entry.pipe(fs.createWriteStream(fileName)); // OK.
}
});
fs.createReadStream('archive.zip')
.pipe(unzip.Parse())
.on('entry', entry => {
const fileName = path.normalize(entry.path);
entry.pipe(fs.createWriteStream(path.basename(fileName))); // OK.
});
Reference in New Issue View Git Blame Copy Permalink