Merge pull request #364 from pixlise/feature/em-import

Fixing warning from CodeQL saying if uploaded scan zip has .. in a pa…
pixlise · Nov 15, 2024 · 1b6b4f7 · 1b6b4f7
2 parents 4e2585e + 016584d
commit 1b6b4f7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/api/ws/handlers/scan.go b/api/ws/handlers/scan.go
@@ -510,6 +510,10 @@ func processEM(importId string, zipReader *zip.Reader, zippedData []byte, destBu
 	sdf_raw_zipPath := ""
 
 	for _, f := range zipReader.File {
+		if strings.Contains(f.Name, "..") {
+			return fmt.Errorf("Found invalid path in zip that references ..: %v", f.Name)
+		}
+
 		if !f.FileInfo().IsDir() {
 			// Add to list of files we're interested in
 			if strings.HasSuffix(f.Name, "sdf_raw.txt") {