-
Notifications
You must be signed in to change notification settings - Fork 2
/
ziptools.go
78 lines (66 loc) · 1.62 KB
/
ziptools.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package main
import (
"archive/zip"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"github.com/kendfss/but"
"github.com/kendfss/namespacer"
)
func unzipSource(source, destination string) error {
// Open the zip file
reader, err := zip.OpenReader(source)
if err != nil {
return err
}
defer reader.Close()
// Get the absolute destination path
destination, err = filepath.Abs(destination)
if err != nil {
return err
}
// Iterate over zip files inside the archive and unzip each of them
for _, f := range reader.File {
err := unzipSub(f, destination)
if err != nil {
return err
}
}
return nil
}
func unzipSub(f *zip.File, root string) error {
// Check if file paths are not vulnerable to Zip Slip
filePath, er := namespacer.SpacedName(filepath.Join(root, f.Name))
but.Must(er)
if !strings.HasPrefix(filePath, filepath.Clean(root)+string(os.PathSeparator)) {
return fmt.Errorf("invalid file path: %q", filePath)
}
// Create directory tree
if f.FileInfo().IsDir() {
if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
return err
}
return nil
}
if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
return err
}
// Create a destination file for unzipped content
destinationFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
if err != nil {
return err
}
defer destinationFile.Close()
// Unzip the content of a file and copy it to the destination file
zippedFile, err := f.Open()
if err != nil {
return err
}
defer zippedFile.Close()
if _, err := io.Copy(destinationFile, zippedFile); err != nil {
return err
}
return nil
}