Merge pull request shipwright-io#1429 from SaschaSchwarze0/sascha-all…

…-doubledot-in-name Allow a file or directory having a name with two subsequent dots while still preventing path traversal
apoorvajagtap · Nov 9, 2023 · 3a85565 · 3a85565
2 parents f7d84ce + 5cb0f9e
commit 3a85565
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go
@@ -240,7 +240,7 @@ func Unpack(in io.Reader, targetPath string) error {
 		}
 
 		var target = filepath.Join(targetPath, header.Name)
-		if strings.Contains(target, "..") {
+		if strings.Contains(target, "/../") {
 			return fmt.Errorf("targetPath validation failed, path contains unexpected special elements")
 		}