Allow a file or directory having a name with two subsequent dots whil…

…e still preventing path traversal
shipwright-io · Nov 9, 2023 · 5cb0f9e · 5cb0f9e
1 parent f7d84ce
commit 5cb0f9e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go
@@ -240,7 +240,7 @@ func Unpack(in io.Reader, targetPath string) error {
 		}
 
 		var target = filepath.Join(targetPath, header.Name)
-		if strings.Contains(target, "..") {
+		if strings.Contains(target, "/../") {
 			return fmt.Errorf("targetPath validation failed, path contains unexpected special elements")
 		}