kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/pkg/tarsum
History
Cory Snider 833139f390 pkg/archive: audit gosec file-traversal lints 
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
..
testdata
builder_context.go Add canonical import comment 2018-02-05 16:51:57 -05:00
builder_context_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
fileinfosums.go Add canonical import comment 2018-02-05 16:51:57 -05:00
fileinfosums_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
tarsum.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
tarsum_spec.md
tarsum_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
versioning.go Add canonical import comment 2018-02-05 16:51:57 -05:00
versioning_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
writercloser.go Add canonical import comment 2018-02-05 16:51:57 -05:00