update path check
Signed-off-by: hirokuni-kitahara <[email protected]>
hirokuni-kitahara committed Dec 3, 2024
1 parent ccc325f commit b82c3a7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/util/image.go
Expand Up @@ -149,7 +149,7 @@ func GetYAMLsInArtifact(blob []byte) ([][]byte, error) {

// Skip files that have path starting with ".."
// Ref: CWE-22
if !strings.Contains(header.Name, "..") {
if strings.HasPrefix(header.Name, "..") {
continue
}
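
Review bot: The new condition `strings.HasPrefix(header.Name, "..")` only rejects entry names that begin with `..`, so a name with the traversal in the middle (for example `dir/../../x.yaml`) or an absolute path still passes the CWE-22 check, while a legitimate name that merely begins with two dots (for example `..data/x.yaml`) is skipped. Consider normalising first with `path.Clean(header.Name)` and skipping the entry when the result is absolute, equals `..`, or starts with `../`; on Go 1.20+ `filepath.IsLocal` covers the same cases in one call. The condition being replaced, `!strings.Contains(header.Name, "..")`, skipped every entry that did not contain `..`, so a unit test that feeds this function an archive with one plain name and one traversal name would guard against the check being inverted again. The comment above the check should also be updated to describe whichever rule is finally used.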
