1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/pkg/tarsum
Cory Snider 833139f390 pkg/archive: audit gosec file-traversal lints
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
..
testdata
builder_context.go
builder_context_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
fileinfosums.go
fileinfosums_test.go
tarsum.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
tarsum_spec.md
tarsum_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
versioning.go
versioning_test.go
writercloser.go