chocolatey / package-validator

Windows service to validate packages conform to package standards
Apache License 2.0

[Requirement] Do not unzip into chocolatey\bin directly #175

Open ferventcoder opened 6 years ago

ferventcoder commented 6 years ago

This is bad because it could just overwrite files and put lots of junk files and folders here. This directory is controlled by Chocolatey and has an API for placing files here - that is through https://chocolatey.org/docs/helpers-install-bin-file if they don't automatically end up in here.

$packageArgs = @{
  packageName   = $env:ChocolateyPackageName
  unzipLocation = "C:\ProgramData\chocolatey\bin"
  url           = $url
  checksum      = 'asdfasdf'
  checksumType  = 'sha256'
}

Install-ChocolateyZipPackage @packageArgs

ferventcoder commented 4 years ago

This should be expanded to ensure that nothing is copied to that folder either.
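
One way a rule for this requirement could scan an install script, covering both the unzip case and the copy case raised above. This is an added example, not part of the issue thread or of package-validator's code; the function name `Find-ChocolateyBinReference`, its regex and the sample script are assumptions made for illustration.

```powershell
# Added example; Find-ChocolateyBinReference and its regex are hypothetical,
# not package-validator code. The sample script further down is constructed.
function Find-ChocolateyBinReference {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # A path ending in, or passing through, ...\chocolatey\bin or
    # $env:ChocolateyInstall\bin. "chocolatey\binaries" does not match.
    $binPath = '(chocolatey|\$\{?env:ChocolateyInstall\}?)[\\/]+bin([\\/]|$)'

    # Quoted strings and bareword arguments both parse as string ASTs.
    $isString = {
        param($node)
        $node -is [System.Management.Automation.Language.StringConstantExpressionAst] -or
        $node -is [System.Management.Automation.Language.ExpandableStringExpressionAst]
    }

    foreach ($s in $ast.FindAll($isString, $true)) {
        # .Value is the unexpanded text, so "$env:ChocolateyInstall\bin" is seen literally.
        if ($s.Value -match $binPath) {
            [pscustomobject]@{
                Line = $s.Extent.StartLineNumber
                Text = $s.Extent.Text
            }
        }
    }
}

# Constructed install script: one unzip into bin, one copy into bin, one use of the helper.
$sample = @'
$packageArgs = @{
  packageName   = $env:ChocolateyPackageName
  unzipLocation = "C:\ProgramData\chocolatey\bin"
}
Install-ChocolateyZipPackage @packageArgs
Copy-Item "$toolsDir\tool.exe" "$env:ChocolateyInstall\bin"
Install-BinFile -Name tool -Path "$toolsDir\tool.exe"
'@

Find-ChocolateyBinReference -ScriptText $sample | Format-Table -AutoSize
```

The check is purely textual: it reports any string that names the bin directory, so a hit is a prompt for review, and paths assembled at run time (for example with `Join-Path` or through an intermediate variable) are not resolved.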