Update internal/unpackinfo/unpackinfo.go

Co-authored-by: Kent Gruber <kent.picat.gruber@gmail.com>
hashicorp · Jan 27, 2025 · 9bf13d2 · 9bf13d2
1 parent be79e05
commit 9bf13d2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/internal/unpackinfo/unpackinfo.go b/internal/unpackinfo/unpackinfo.go
@@ -44,7 +44,7 @@ func NewUnpackInfo(dst string, header *tar.Header) (UnpackInfo, error) {
 
 	// Check for path traversal by ensuring the target is within the destination
 	rel, err := filepath.Rel(dst, target)
-	if err != nil || strings.HasPrefix(rel, "..") || strings.Contains(dst, "..") || strings.Contains(path, "..") {
+	if err != nil || strings.HasPrefix(rel, "..") {
 		return UnpackInfo{}, errors.New("invalid filename, traversal with \"..\" outside of current directory")
 	}