github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-20 13:33:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: updated islazy/zip version to fiz a zip.Unzip related bug

Browse source
This commit is contained in:
evilsocket 2019-03-27 13:48:21 +01:00
commit da2681375f
No known key found for this signature in database
GPG key ID: 1564D7F30393A456
2 changed files with 36 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Gopkg.lock generated
View file

@ -83,7 +83,7 @@
revision = "2ce16c963a8ac5bd6af851d4877e38701346983f"
[[projects]]
digest = "1:da1be9af4c3f262bd385cc722b08d98d4a47ddea57731e98b85c7ba21b35bc31"
digest = "1:5247f5757ba31623c464db149dc272a37604516d8fbae1561b36e0d7cee070a5"
name = "github.com/evilsocket/islazy"
packages = [
"data",
@ -96,8 +96,8 @@
"zip",
]
pruneopts = "UT"
revision = "6ef79e84ded205e48f296d21e3bc65d1cf4f5c78"
version = "v1.10.3"
revision = "c5c7a41bb1c20e6df409825ed24af8de5fb7fb70"
version = "v1.10.4"
[[projects]]
branch = "master"

42
vendor/github.com/evilsocket/islazy/zip/unzip.go generated vendored
View file

@ -13,6 +13,8 @@ import (
// within the zip file (parameter 1) to an output directory (parameter 2).
// Credits to https://golangcode.com/unzip-files-in-go/
func Unzip(src string, dest string) ([]string, error) {
var outFile *os.File
var zipFile io.ReadCloser
var filenames []string
r, err := zip.OpenReader(src)
@ -21,33 +23,55 @@ func Unzip(src string, dest string) ([]string, error) {
}
defer r.Close()
clean := func() {
if outFile != nil {
outFile.Close()
outFile = nil
}
if zipFile != nil {
zipFile.Close()
zipFile = nil
}
}
for _, f := range r.File {
rc, err := f.Open()
zipFile, err = f.Open()
if err != nil {
return filenames, err
}
defer rc.Close()
// Store filename/path for returning and using later on
fpath := filepath.Join(dest, f.Name)
// Check for ZipSlip. More Info: https://snyk.io/research/zip-slip-vulnerability#go
if !strings.HasPrefix(fpath, filepath.Clean(dest)+string(os.PathSeparator)) {
clean()
return filenames, fmt.Errorf("%s: illegal file path", fpath)
}
filenames = append(filenames, fpath)
if f.FileInfo().IsDir() {
os.MkdirAll(fpath, os.ModePerm)
} else if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
return filenames, err
} else if outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode()); err != nil {
return filenames, err
} else {
defer outFile.Close()
if _, err = io.Copy(outFile, rc); err != nil {
clean()
continue
}
if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
clean()
return filenames, err
}
outFile, err = os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
if err != nil {
clean()
return filenames, err
}
_, err = io.Copy(outFile, zipFile)
clean()
if err != nil {
return filenames, err
}
}