mirror of
https://github.com/github/codeql.git
synced 2026-04-27 09:45:15 +02:00
ZipSlip can be avoided by checking that the combined and resolved path `StartsWith` the appropriate destination directory.

Refine the `StartsWith` sanitizer to:

* Consider expressions guarded by an appropriate StartsWith check to be sanitized.
* Consider a StartsWith check to be inappropriate if it is checking the result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
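
The distinction the commit message draws, as an added C# example that is not code from this commit or from the CodeQL repository: a `StartsWith` check on the raw `Path.Combine` result next to the same check on the path resolved with `Path.GetFullPath`. The class and method names, the temporary directory and the in-memory archive are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;

static class ZipSlipDemo
{
    // Inappropriate guard: Path.Combine only joins strings, so
    // "<dest>/../outside.txt" still starts with "<dest>".
    static bool CheckedOnCombine(string destDir, string entryName) =>
        Path.Combine(destDir, entryName).StartsWith(destDir, StringComparison.Ordinal);

    // Appropriate guard: resolve the combined path first, then compare it with
    // the resolved destination (trailing separator so "dest2" cannot match "dest").
    static bool CheckedOnResolved(string destDir, string entryName)
    {
        string root = Path.GetFullPath(destDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;
        string target = Path.GetFullPath(Path.Combine(root, entryName));
        return target.StartsWith(root, StringComparison.Ordinal);
    }

    static void Main()
    {
        string dest = Path.Combine(Path.GetTempPath(), "zipslip-demo"); // hypothetical destination
        Directory.CreateDirectory(dest);

        // Constructed sample archive: one ordinary entry, one traversal entry.
        using var buffer = new MemoryStream();
        using (var zip = new ZipArchive(buffer, ZipArchiveMode.Create, leaveOpen: true))
        {
            zip.CreateEntry("docs/readme.txt");
            zip.CreateEntry("../outside.txt");
        }
        buffer.Position = 0;

        using var archive = new ZipArchive(buffer, ZipArchiveMode.Read);
        foreach (ZipArchiveEntry entry in archive.Entries)
        {
            bool weak = CheckedOnCombine(dest, entry.FullName);
            bool resolved = CheckedOnResolved(dest, entry.FullName);
            Console.WriteLine($"{entry.FullName}: combine-check={weak}, resolved-check={resolved}");
            if (!resolved) continue; // refuse entries that resolve outside the destination

            string target = Path.GetFullPath(Path.Combine(dest, entry.FullName));
            Directory.CreateDirectory(Path.GetDirectoryName(target) ?? dest);
            entry.ExtractToFile(target, overwrite: true);
        }
    }
}
```

The traversal entry passes the check made on the `Path.Combine` result and fails the check made on the resolved path, which is why the refined sanitizer only accepts the latter.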