moby/pkg/tarsum
Cory Snider 833139f390 pkg/archive: audit gosec file-traversal lints
The recently-upgraded gosec linter has a rule for archive extraction
code which may be vulnerable to directory traversal attacks, a.k.a. Zip
Slip. Gosec's detection is unfortunately prone to false positives,
however: it flags any filepath.Join call with an argument derived from a
tar.Header value, irrespective of whether the resultant path is used for
filesystem operations or if directory traversal attacks are guarded
against.

All of the lint errors reported by gosec appear to be false positives.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 15:42:22 -05:00
testdata Remove PortSpecs from Config 2015-05-29 22:38:09 +02:00
builder_context.go Add canonical import comment 2018-02-05 16:51:57 -05:00
builder_context_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
fileinfosums.go Add canonical import comment 2018-02-05 16:51:57 -05:00
fileinfosums_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
tarsum.go pkg/archive: audit gosec file-traversal lints 2022-02-18 15:42:22 -05:00
tarsum_spec.md fix common misspell 2016-02-11 15:49:36 -08:00
tarsum_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
versioning.go Add canonical import comment 2018-02-05 16:51:57 -05:00
versioning_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
writercloser.go Add canonical import comment 2018-02-05 16:51:57 -05:00