Closed StefanKarpinski closed 1 year ago
Base: 97.30% // Head: 97.31% // Increases project coverage by +0.01%
Coverage data is based on head (63c5610) compared to base (1de4f92). Patch coverage: 100.00% of modified lines in pull request are covered.
Current head 63c5610 differs from pull request most recent head 564bdd2. Consider uploading reports for the commit 564bdd2 to get more accurate results.
We have always prevented this for security reasons, but although we have tested that the fancy attacks using symlinks are prevented, we haven't been testing that the basic attack of extracting a relative or absolute path outside of the tarball is prevented. This adds tests for that. It also factors the common logic for these attack tests into a helper function and tests that `Tar.rewrite` errors in the same way.
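The kind of test described above, sketched as an added example in Python's standard `tarfile` module; it is not code from this pull request or from Tar.jl. The names `build_tar`, `unsafe_reason`, `safe_members`, `rejects` and `UnsafeTarPath` are hypothetical, the member names are constructed inputs, and the check covers only path names, not the symlink cases.

```python
import io
import tarfile

class UnsafeTarPath(Exception):
    """Raised when a member path would land outside the extraction root."""

def build_tar(names):
    """Build an in-memory tarball with one small file per name (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            data = b"x"
            info = tarfile.TarInfo(name=name)  # name is stored as given, no sanitizing
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def unsafe_reason(name):
    """Return why a member path escapes the root, or None if it stays inside."""
    if name.startswith("/"):
        return "absolute path"
    depth = 0
    for part in name.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the extraction root
                return "relative path leaves root"
        else:
            depth += 1
    return None

def safe_members(fileobj):
    """Validate every member before anything is written; raise on the first escape."""
    with tarfile.open(fileobj=fileobj, mode="r") as tf:
        members = tf.getmembers()
    for m in members:
        reason = unsafe_reason(m.name)
        if reason:
            raise UnsafeTarPath(f"{m.name!r}: {reason}")
    return [m.name for m in members]

def rejects(names):
    """Shared test helper: True if a tarball with these member names is refused."""
    try:
        safe_members(build_tar(names))
    except UnsafeTarPath:
        return True
    return False
```
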