Skip to content

Commit

Permalink
chore: file compile error
Browse files Browse the repository at this point in the history
  • Loading branch information
@kevwan
kevwan committed Jan 26, 2025
1 parent 1ff3ba0 commit 90e9c1d
Showing 1 changed file with 4 additions and 7 deletions.
11 changes: 4 additions & 7 deletions tools/goctl/util/zipx/zipx.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,22 +41,19 @@ func fileCopy(file *zip.File, destPath string) error {
return err
}
defer rc.Close()

// Ensure the file path does not contain directory traversal elements
if strings.Contains(file.Name, "..") {
return fmt.Errorf("invalid file path: %s", file.Name)
}

abs, err := filepath.Abs(filepath.Join(destPath, file.Name))
abs, err := filepath.Abs(file.Name)
if err != nil {
return err
}

// Ensure the destination path is within the intended directory
if !strings.HasPrefix(abs, destPath) {
return fmt.Errorf("file path is outside the destination directory: %s", abs)
}

dir := filepath.Dir(abs)
filename := filepath.Join(destPath, filepath.Base(abs))
dir := filepath.Dir(filename)
err = pathx.MkdirIfNotExist(dir)
if err != nil {
return err
Expand Down

0 comments on commit 90e9c1d

Please sign in to comment.