833139f390
The recently-upgraded gosec linter has a rule for archive extraction code which may be vulnerable to directory traversal attacks, a.k.a. Zip Slip. Gosec's detection is unfortunately prone to false positives, however: it flags any filepath.Join call with an argument derived from a tar.Header value, irrespective of whether the resultant path is used for filesystem operations or if directory traversal attacks are guarded against. All of the lint errors reported by gosec appear to be false positives. Signed-off-by: Cory Snider <csnider@mirantis.com> |
||
|---|---|---|
| .. | ||
| testdata | ||
| builder_context.go | ||
| builder_context_test.go | ||
| fileinfosums.go | ||
| fileinfosums_test.go | ||
| tarsum.go | ||
| tarsum_spec.md | ||
| tarsum_test.go | ||
| versioning.go | ||
| versioning_test.go | ||
| writercloser.go | ||