This repository has been archived by the owner on Apr 30, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
check for tarballs containing sketchy symlinks
It's acceptable for a tarball to have a symlink at `a/b/c/foo.txt` that points to `../../../foo.txt` (see `legal_symlink_dots.tar`), because that symlink "stays within" the archive. However, it should be illegal for the same symlink to point to `../../../../foo.txt` (see `illegal_symlink_dots.tar`), because that symlink "reaches outside" the archive. Similarly, it should always be illegal for a tarball to hold a symlink pointing to an absolute path. Add validation and tests cases for these behaviors.
- Loading branch information