moby--moby/pkg/archive
Cory Snider 833139f390 pkg/archive: audit gosec file-traversal lints
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
testdata
README.md
archive.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
archive_linux.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
archive_linux_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
archive_other.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
archive_test.go Remove local fork of archive/tar package 2022-02-18 13:40:19 -05:00
archive_unix.go Remove local fork of archive/tar package 2022-02-18 13:40:19 -05:00
archive_unix_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
archive_windows.go pkg/archive: normalize comment formatting 2019-11-27 15:38:49 +01:00
archive_windows_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
changes.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
changes_linux.go Update overlay2 to use naive diff for changes 2018-06-20 11:07:36 -07:00
changes_other.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
changes_posix_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
changes_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
changes_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
changes_windows.go pkg/archive fixes, and port most unit tests to Windows 2018-11-26 10:20:40 -08:00
copy.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
copy_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
copy_unix_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
copy_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
diff.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
diff_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
example_changes.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
time_linux.go Various code-cleanup 2018-05-23 17:50:54 +02:00
time_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
utils_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
whiteouts.go Add canonical import comment 2018-02-05 16:51:57 -05:00
wrap.go Add canonical import comment 2018-02-05 16:51:57 -05:00
wrap_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00

README.md

This code provides helper functions for dealing with archive files.