Removes functionality to symlink to something with and absolute path.…

… This is a avoid zip slipping
paketo-buildpacks · Jun 11, 2021 · 6586ce5 · 6586ce5
1 parent 532340d
commit 6586ce5
Showing 1 changed file with 2 additions and 14 deletions.
diff --git a/vacation/vacation.go b/vacation/vacation.go
@@ -206,14 +206,8 @@ func (ta TarArchive) Decompress(destination string) error {
 	})
 
 	for _, h := range symlinkHeaders {
-		evalPath := linknameFullPath(h.path, h.linkname)
-		// Don't use constucted link if the link is absolute
-		if filepath.IsAbs(h.linkname) {
-			evalPath = h.linkname
-		}
-
 		// Check to see if the file that will be linked to is valid for symlinking
-		_, err := filepath.EvalSymlinks(evalPath)
+		_, err := filepath.EvalSymlinks(linknameFullPath(h.path, h.linkname))
 		if err != nil {
 			return fmt.Errorf("failed to evaluate symlink %s: %w", h.path, err)
 		}
@@ -481,14 +475,8 @@ func (z ZipArchive) Decompress(destination string) error {
 	})
 
 	for _, h := range symlinkHeaders {
-		evalPath := linknameFullPath(h.path, h.linkname)
-		// Don't use constucted link if the link is absolute
-		if filepath.IsAbs(h.linkname) {
-			evalPath = h.linkname
-		}
-
 		// Check to see if the file that will be linked to is valid for symlinking
-		_, err := filepath.EvalSymlinks(evalPath)
+		_, err := filepath.EvalSymlinks(linknameFullPath(h.path, h.linkname))
 		if err != nil {
 			return fmt.Errorf("failed to evaluate symlink %s: %w", h.path, err)
 		}