66744469d4
RubyZip allows us to perform strong validation of expanded paths where we extract files. We introduce the following additional checks to the extract routines:

1. None of the path components can be symlinked,
2. We drop privileges support for directories,
3. The symlink source needs to point within the target directory, like `public/`,
4. The symlink source needs to exist ahead of time.
- invalid-symlink-does-not-exist.zip
- invalid-symlinks-outside.zip
- valid-non-writeable.zip
- valid-simple.zip
- valid-symlinks-first.zip
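The path checks from the commit message (1, 3 and 4), applied to a single archive entry before anything is written to disk. This is an added example, not rubyzip's or the project's own code; `validate_entry!`, `safe_entry?` and `UnsafeEntry` are assumed names, and the directory-permission handling of check 2 is not covered.

```ruby
require "pathname"
require "tmpdir"

# Added example, not rubyzip's code: validate one zip entry against the
# extraction root before extracting it. Names here are hypothetical.
class UnsafeEntry < StandardError; end

def inside?(path, root)
  path == root || path.start_with?(root + File::SEPARATOR)
end

# root: extraction directory (e.g. "public"); rel_path: the entry name as
# stored in the archive; symlink_target: the link target of a symlink entry,
# or nil for a regular file/directory entry.
# Returns the absolute destination path, or raises UnsafeEntry.
def validate_entry!(root, rel_path, symlink_target: nil)
  root = File.realpath(root)
  dest = File.expand_path(rel_path, root)
  # The expanded destination (with ".." resolved) must stay under root.
  raise UnsafeEntry, "escapes #{root}: #{rel_path}" unless inside?(dest, root)
  # Check 1: no component between root and dest (dest included) may be a
  # symlink, otherwise the write would follow the link elsewhere.
  Pathname.new(dest).relative_path_from(Pathname.new(root)).descend do |part|
    full = File.join(root, part.to_s)
    raise UnsafeEntry, "symlink in path: #{part}" if File.symlink?(full)
  end
  return dest if symlink_target.nil?
  # Check 4: the link source must already exist on disk ...
  src = File.expand_path(symlink_target, File.dirname(dest))
  raise UnsafeEntry, "missing link source: #{symlink_target}" unless File.exist?(src)
  # Check 3: ... and, fully resolved, must itself lie inside root.
  unless inside?(File.realpath(src), root)
    raise UnsafeEntry, "link source outside #{root}: #{symlink_target}"
  end
  dest
end

# Boolean convenience wrapper around validate_entry!.
def safe_entry?(root, rel_path, symlink_target: nil)
  validate_entry!(root, rel_path, symlink_target: symlink_target)
  true
rescue UnsafeEntry
  false
end
```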